Bug 1905217 (CVE-2020-29562) - CVE-2020-29562 glibc: assertion failure in iconv when converting invalid UCS4
Summary: CVE-2020-29562 glibc: assertion failure in iconv when converting invalid UCS4
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-29562
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1905218 1912204 1912205 1912206
Blocks: 1905219
TreeView+ depends on / blocked
 
Reported: 2020-12-07 18:34 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-25 17:26 UTC (History)
11 users (show)

Fixed In Version: glibc 2.33
Clone Of:
Environment:
Last Closed: 2021-05-27 17:32:00 UTC
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-12-07 18:34:55 UTC 
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Comment 1 Guilherme de Almeida Suckevicz 2020-12-07 18:36:35 UTC 
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1905218]
Comment 2 Siddhesh Poyarekar 2020-12-08 02:47:23 UTC 
Upstream fix: https://sourceware.org/git/?p=glibc.git;h=228edd356f03bf62dcf2b1335f25d43c602ee68d
Comment 3 lnacshon 2020-12-10 10:32:33 UTC 
No services using 2.30-2.32
Comment 10 Product Security DevOps Team 2021-05-27 17:32:00 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-29562
Note You need to log in before you can comment on or make changes to this bug.