{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "69472", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69472"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "MDVSA-2014:175", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"}, {"name": "[oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/08/29/3"}, {"name": "USN-2432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-2432-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"}, {"name": "62100", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62100"}, {"name": "[oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/09/02/1"}, {"name": "62146", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62146"}, {"name": "DSA-3142", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3142"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:03:02.407Z"}, "title": "CVE Program Container", "references": [{"name": "69472", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69472"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "MDVSA-2014:175", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"}, {"name": "[oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/08/29/3"}, {"name": "USN-2432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-2432-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"}, {"name": "62100", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62100"}, {"name": "[oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/09/02/1"}, {"name": "62146", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62146"}, {"name": "DSA-3142", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3142"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-6040", "datePublished": "2014-12-05T16:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.407Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "341320B9-8C6F-40EC-ADF9-0EA8A7D51FF8", "versionEndIncluding": "2.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "18F57529-10DF-447A-8C53-DD4B1C2AA21E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "C1E91F85-7872-4290-BE7F-C966AC2773CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "BC5491CD-F3D6-4B09-AE44-62285F6B462A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8."}, {"lang": "es", "value": "GNU C Library (tambi\u00e9n conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de un valor de caracteres de multibytes de '0xffff' en la funci\u00f3n iconv cuando convierte datos codificados de (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, o (5) IBM1364 a UTF-8."}], "id": "CVE-2014-6040", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-05T16:59:09.910", "references": [{"source": "secalert@redhat.com", "url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62100"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62146"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://ubuntu.com/usn/usn-2432-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2015/dsa-3142"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/08/29/3"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/09/02/1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/69472"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://ubuntu.com/usn/usn-2432-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2015/dsa-3142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/08/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/09/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0016", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "glibc-0:2.12-1.149.el6_6.4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-01-07T00:00:00Z"}, {"advisory": "RHSA-2015:0327", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "glibc-0:2.17-78.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)", "id": "1135841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1135841"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-119", "details": ["GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application."], "name": "CVE-2014-6040", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-08-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-6040\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6040"], "statement": "This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata", "threat_severity": "Moderate"}