Fluid Attacks Database

Description

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glibc	>=0 <2.31-3	2.31-3
debian 14	glibc	>=0 <2.31-3	2.31-3
debian 11	glibc	>=0 <2.31-3	2.31-3
debian 13	glibc	>=0 <2.31-3	2.31-3
rpm rhel6	compat-glibc	-	-
rpm rhel6	glibc	-	-
rpm rhel5	glibc	-	-
rpm rhel8	glibc	<0:2.28-151.el8	0:2.28-151.el8
rpm rhel5	compat-glibc	-	-
rpm rhel7	compat-glibc	-	-

1-10 of 11

Aliases

1. CVE-2016-102282. NVD-2016-102283. OSV-DEBIAN-2016-102284. OSV-2016-102285. SECURITY-TRACKER-CVE-2016-10228

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.