Back to search
CVE-2014-5119
Published: Aug 29, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
60441
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)
mailing-list
x_refsource_MLIST
69738
vdb-entry
x_refsource_BID
RHSA-2014:1118
vendor-advisory
x_refsource_REDHAT
RHSA-2014:1110
vendor-advisory
x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
x_refsource_CONFIRM
60345
third-party-advisory
x_refsource_SECUNIA
61093
third-party-advisory
x_refsource_SECUNIA
GLSA-201602-02
vendor-advisory
x_refsource_GENTOO
MDVSA-2014:175
vendor-advisory
x_refsource_MANDRIVA
[oss-security] 20170713 glibc locale issues
mailing-list
x_refsource_MLIST
68983
vdb-entry
x_refsource_BID
https://sourceware.org/bugzilla/show_bug.cgi?id=17187
x_refsource_CONFIRM
20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit
mailing-list
x_refsource_FULLDISC
DSA-3012
vendor-advisory
x_refsource_DEBIAN
61074
third-party-advisory
x_refsource_SECUNIA
20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability
vendor-advisory
x_refsource_CISCO
http://linux.oracle.com/errata/ELSA-2015-0092.html
x_refsource_CONFIRM
SUSE-SU-2014:1125
vendor-advisory
x_refsource_SUSE
60358
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now