Bug 1027496 (CVE-2016-10228) - VUL-1: CVE-2016-10228: glibc: iconv program can hang when invoked with the -c option
Status: RESOLVED FIXED
Alias: CVE-2016-10228
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: unspecified
Assignee: Andreas Schwab
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/181063/
Whiteboard: CVSSv2:SUSE:CVE-2016-10228:2.1:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-01 17:14 UTC by Mikhail Kasimov
Modified: 2024-05-13 14:32 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Mikhail Kasimov 2017-03-01 17:14:54 UTC
Ref: http://seclists.org/oss-sec/2017/q1/538
=============================================
The iconv program (not the iconv function) provided by glibc can hang (enter an infinite loop) when invoked with the -c option and an invalid multi-byte sequence is encountered in the input:


  https://sourceware.org/bugzilla/show_bug.cgi?id=19519

We have received an independent report of this issue, so we are treating this as a (minor) security bug now on the glibc upstream side.


(Note to Red Hat Product Security: We already have a couple of product bugs for this.)
=============================================

https://sourceware.org/bugzilla/show_bug.cgi?id=19519
======================================================
 Jan Engelhardt 2016-01-25 18:41:47 UTC

In glibc 2.19 and glibc 2.22, I observe that combining //translit with //ignore with -c with an unconvertible sequence will hang the iconv program. The order of //translit and //ignore is significant. The target charset is of no significance; it could also be -t utf-8//translit//ignore.

 echo -en '\x80' | iconv -f us-ascii -t us-ascii//translit//ignore -c

...
Florian Weimer 2017-03-01 09:12:56 UTC

Another reproducer:

echo -en "\x0e\x0e" | /usr/bin/iconv -c -f IBM1364

We received an independent report of this issue, and I think we should treat this as a minor security bug.
======================================================

42.2:
k_mikhail@linux-mk500:~> ldd --version
ldd (GNU libc) 2.22
Copyright (C) 2015 Free Software Foundation, Inc.
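
Added example (not part of the original report or of glibc): a bounded check that runs the two reproducers quoted above under timeout(1), so a host can be tested before and after the glibc update without leaving a spinning process behind. The helper names run_bounded and check_iconv and the 5-second limit are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the bug report. run_bounded and check_iconv are
# hypothetical helper names; the 5-second limit is an arbitrary assumption.

# run_bounded LIMIT INPUT CMD...: feed INPUT (a printf format string, octal
# escapes allowed) to CMD on stdin under a time limit and classify the result.
run_bounded() {
    limit=$1; input=$2; shift 2
    status=0
    # "|| status=$?" keeps the function usable under "set -e".
    printf "$input" | timeout "$limit" "$@" >/dev/null 2>&1 || status=$?
    case $status in
        124)     echo hang ;;         # timeout(1) had to stop the command
        126|127) echo unavailable ;;  # timeout or the command could not be run
        *)       echo terminated ;;   # command exited on its own (any status)
    esac
}

check_iconv() {
    limit=${1:-5}
    # Reproducer from sourceware bug 19519: byte 0x80 (octal 200).
    r1=$(run_bounded "$limit" '\200' \
        iconv -f us-ascii -t us-ascii//translit//ignore -c)
    # Second reproducer from the same bug: bytes 0x0e 0x0e (octal 016).
    r2=$(run_bounded "$limit" '\016\016' iconv -c -f IBM1364)
    echo "translit+ignore: $r1, IBM1364: $r2"
    [ "$r1" != hang ] && [ "$r2" != hang ]
}

check_iconv 5 || echo "iconv -c hangs on this host: glibc update still needed"
```

A result of "unavailable" means timeout or iconv could not be executed, so it says nothing about whether the installed glibc is fixed.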
Comment 1 Swamp Workflow Management 2017-03-01 23:00:24 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2017-03-02 06:29:46 UTC
As it's only the command-line tool, planned update only.

glibc 2.11 iconv also goes to 100% CPU, assuming it goes way back
Comment 10 Swamp Workflow Management 2021-07-27 16:20:23 UTC
SUSE-SU-2021:2480-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1027496,1131330,1187911
CVE References: CVE-2016-10228,CVE-2021-35942
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    glibc-2.22-114.12.1
SUSE Linux Enterprise Server 12-SP5 (src):    glibc-2.22-114.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Marcus Meissner 2021-11-02 09:02:57 UTC
Can you fix this also for

SUSE:SLE-15:Update glibc

please? Partner has queried this.
Comment 14 Swamp Workflow Management 2021-12-01 17:45:42 UTC
SUSE-SU-2021:3830-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1027496,1183085
CVE References: CVE-2016-10228
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    glibc-2.26-13.62.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    glibc-2.26-13.62.1, glibc-utils-src-2.26-13.62.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    glibc-2.26-13.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-12-10 14:35:48 UTC
openSUSE-SU-2021:1560-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1027496,1183085
CVE References: CVE-2016-10228
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    glibc-2.26-lp152.26.12.1, glibc-testsuite-src-2.26-lp152.26.12.1, glibc-utils-src-2.26-lp152.26.12.1
Comment 16 Swamp Workflow Management 2022-08-24 16:16:49 UTC
SUSE-SU-2022:2886-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1027496,1178386,1179694,1179721,1181505,1182117,941234
CVE References: CVE-2015-5180,CVE-2016-10228,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    glibc-2.22-126.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    glibc-2.22-126.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Marcus Meissner 2024-05-13 14:32:54 UTC
done