CVE-2021-3326
glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando procesa secuencias de entrada no válidas en la codificación ISO-2022-JP-3, se produce un fallo una aserción en la ruta del código y aborta el programa, potencialmente resultando en una denegación de servicio
A flaw was found in glibc's iconv() functionality. This flaw allows an attacker capable of supplying a crafted sequence of characters to an application using iconv() to convert from ISO-2022-JP-3 to cause an assertion failure. The highest threat from this vulnerability is to system availability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-27 CVE Reserved
- 2021-01-27 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/01/28/2 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210304-0007 | Third Party Advisory |
|
| https://sourceware.org/bugzilla/show_bug.cgi?id=27256 | Issue Tracking | |
| https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888 | ||
| https://www.oracle.com/security-alerts/cpuapr2022.html | Not Applicable |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2022.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202107-07 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2021-3326 | 2021-05-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1921916 | 2021-05-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.32.0 Search vendor "Gnu" for product "Glibc" and version " <= 2.32.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0 <= 11.60.3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0 <= 11.60.3" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Security Edge Protection Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" | 1.5.0 Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "1.5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||