Bug 1135840 (CVE-2012-6656) - CVE-2012-6656 glibc: crash in IBM930 decoding
Summary: CVE-2012-6656 glibc: crash in IBM930 decoding
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-6656
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1135843
Reported: 2014-09-01 02:25 UTC by Murray McAllister
Modified: 2021-02-17 06:16 UTC

Fixed In Version: glibc 2.16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-01 02:26:38 UTC
Embargoed:



Description Murray McAllister 2014-09-01 02:25:22 UTC
A crash was found in the IBM930 decoding:

https://sourceware.org/bugzilla/show_bug.cgi?id=14134
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6e230d11837f3a

Florian Weimer noted:

"...out-of-bounds reads at a fixed offset relative to the data segment of a DSO, and in all cases I've seen, they were right in the middle of an unmapped segment of the same DSO. This means that these bugs are just crashers, but they can still result in denial-of-service conditions."

This issue has been fixed in version 2.16. The fix is included in Fedora and Red Hat Enterprise Linux 5, 6, and 7.

Reference:

http://seclists.org/oss-sec/2014/q3/466

Statement:

Not vulnerable. This issue does not affect the versions of glibc in Red Hat Enterprise Linux 5, 6, or 7.

Comment 1 Murray McAllister 2014-09-02 06:04:08 UTC
MITRE assigned CVE-2012-6656 to this issue:

http://www.openwall.com/lists/oss-security/2014/09/02/1

