VDB
CISA-2021-3326
CISA-2021-3326
PUBLISHED
CVSS 7.5 HIGH
Reported by mitre · Published January 27, 2021
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Jan 27, 2021 CVE Published
- Jun 9, 2025 CVE Updated
- Apr 26, 2026 Security Advisory
References
- [oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3 mailing-list
- GLSA-202107-07 vendor-advisory
- [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update mailing-list