CVE-2020-27618 in Ubuntu

CVE-2020-27618

Priority

Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and
earlier, when processing invalid multi-byte input sequences in IBM1364,
IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the
input state, which could lead to an infinite loop in applications,
resulting in a denial of service, a different vulnerability from
CVE-2016-10228.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618
https://ubuntu.com/security/notices/USN-5310-1

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=26224

Notes

Package

Source: eglibc (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needs-triage

Patches:

Package

Source: glibc (LP Ubuntu Debian)

Upstream:	released (2.33)
Ubuntu 18.04 LTS:	released (2.27-3ubuntu1.5)
Ubuntu 20.04 LTS:	released (2.31-0ubuntu9.7)
Ubuntu 21.10:	not-affected (2.33-0ubuntu1)
Ubuntu 16.04 ESM:	needed
Ubuntu 22.04 LTS:	not-affected (2.33-0ubuntu1)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5

More Information

Updated: 2022-04-25 00:49:14 UTC (commit ecc1009cb19540b950de59270950018900f37f15)