VYPR
Unrated severityNVD Advisory· Published Nov 4, 2021· Updated Aug 4, 2024

CVE-2021-43396

CVE-2021-43396

Description

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • glibc/GNU C Librarydescription
  • GNU/Glibcllm-fuzzy
    Range: = 2.34

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.