Glibc Character Conversion Assertion

2021.01.29
Credit: Tavis Ormandy
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

glibc: assertion during character conversion [I'm just creating a bug for future reference, I've already reported this issue upstream and it's already been fixed] If an application uses iconv() with an attacker specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding. This is a problem because that's a really common thing to do, for example mail clients do automatic charset conversion when they see a Subject like: Subject: =?ISO-2022-JP-3?B?..... or a MIME header like this: Content-Type: text/plain; charset=ISO-2022-JP-3 This would mean your mail client would immediately crash. Upstream bug and patch is available here: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 There's a testcase in the patch if you want to reproduce it. Found by: taviso@google.com


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top