In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T03:55:28.498Z

Reserved: 2021-11-04T00:00:00

Link: CVE-2021-43396

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-04T20:15:09.223

Modified: 2024-11-21T06:29:09.553

Link: CVE-2021-43396

cve-icon Redhat

Severity :

Publid Date: 2021-11-01T00:00:00Z

Links: CVE-2021-43396 - Bugzilla

cve-icon OpenCVE Enrichment

No data.