CVE-2021-43396 in GNU and Oracle Products
Published on November 4, 2021

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.

NVD

Products Associated with CVE-2021-43396

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-43396 are published in these products:

GNU Glibc

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Oracle Communications Cloud Native Core Binding Support Function

Oracle Communications Cloud Native Core Network Repository Function

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Enterprise Operations Monitor

Oracle Communications Cloud Native Core Unified Data Repository

Exploit Probability

EPSS

0.60%

Percentile

68.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-43396 in GNU and Oracle ProductsPublished on November 4, 2021

Products Associated with CVE-2021-43396

Exploit Probability

CVE-2021-43396 in GNU and Oracle Products
Published on November 4, 2021