Glibc Character Conversion Assertion

Credit: Tavis Ormandy
Risk: Medium
Local: No
Remote: Yes

glibc: assertion during character conversion [I'm just creating a bug for future reference, I've already reported this issue upstream and it's already been fixed] If an application uses iconv() with an attacker specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding. This is a problem because that's a really common thing to do, for example mail clients do automatic charset conversion when they see a Subject like: Subject: =?ISO-2022-JP-3?B?..... or a MIME header like this: Content-Type: text/plain; charset=ISO-2022-JP-3 This would mean your mail client would immediately crash. Upstream bug and patch is available here: There's a testcase in the patch if you want to reproduce it. Found by:

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023,


Back to Top