CVE-2021-43396
Description
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious ‘\0’ character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states “the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there’s no security impact to the bug.”
General Information
Vendors
- gnu
- oracle
Products
- communications cloud native core binding support function 22.1.3
- communications cloud native core network function cloud native environment 22.1.0
- communications cloud native core network repository function 22.1.2
- communications cloud native core network repository function 22.2.0
- communications cloud native core security edge protection proxy 22.1.1
- communications cloud native core unified data repository 22.2.0
- enterprise operations monitor 4.3
- enterprise operations monitor 4.4
- enterprise operations monitor 5.0
- glibc 2.34