Bug 1181505 (CVE-2021-3326) - VUL-0: CVE-2021-3326: glibc: iconv crash with ISO-2022-JP-3 which affects e.g. mutt
Status: RESOLVED FIXED
Alias: CVE-2021-3326
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Andreas Schwab
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/276667/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3326:6.2:(AV:L...
Reported: 2021-01-28 10:10 UTC by Wolfgang Frisch
Modified: 2024-03-05 12:30 UTC
Attachments
glibc bug (59.35 KB, image/png)
2021-01-28 10:19 UTC, Dr. Werner Fink

Description Wolfgang Frisch 2021-01-28 10:10:04 UTC
via oss-security:

Hello list, I suddenly got interested in mutt attack surface after
CVE-2021-3181, and some testing found a crash via charset conversion
in glibc. It's just an abort(), I don't think there's any further impact.

I believe this would crash anything that does character conversion with
iconv. Mail clients do automatic charset conversion when they see a
Subject like:

    Subject: =?ISO-2022-JP-3?B?.....

or a MIME header like this:

    Content-Type: text/plain; charset=ISO-2022-JP-3

The impact is just that you can't open your mail client, because it
crashes as soon as it sees the subject.

Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Patch: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html

Thanks, Tavis.
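
The two places the report says a message can name the charset (an RFC 2047 encoded-word in a header, or the `charset` parameter of a MIME `Content-Type`) can be checked before a message reaches a client on a host whose glibc is not yet updated. This is an added example, not part of the original report or of glibc or mutt; the function name, the flagging policy and the sample messages are assumptions constructed for illustration, and the sample payloads are plain ASCII.

```python
import email
import re

# RFC 2047 encoded-word: =?charset[*lang]?B-or-Q?text?=
ENCODED_WORD = re.compile(r"=\?([^?*\s]+)(?:\*[^?\s]*)?\?[bBqQ]\?[^?\s]*\?=")
FLAGGED = {"iso-2022-jp-3"}  # charset named in this report; exact match only


def flagged_charset_uses(raw: bytes):
    """Return sorted (part_index, header_name, charset) for every flagged declaration.

    Only charset labels are inspected; no payload is decoded or converted.
    """
    msg = email.message_from_bytes(raw)  # default compat32 policy keeps headers raw
    hits = set()
    for index, part in enumerate(msg.walk()):
        for name, value in part.items():
            for match in ENCODED_WORD.finditer(str(value)):
                charset = match.group(1).lower()
                if charset in FLAGGED:
                    hits.add((index, name, charset))
        declared = part.get_content_charset()  # lowercased, or None if absent
        if declared in FLAGGED:
            hits.add((index, "Content-Type", declared))
    return sorted(hits)


# Constructed sample messages (hypothetical addresses, harmless ASCII payloads).
SUBJECT_SAMPLE = (
    b"From: a@example.test\r\n"
    b"Subject: =?ISO-2022-JP-3?B?aGVsbG8=?=\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\nbody\r\n"
)
MIME_SAMPLE = (
    b"Subject: hi\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
    b"--b\r\nContent-Type: text/plain; charset=ISO-2022-JP-3\r\n\r\nhello\r\n--b--\r\n"
)
CLEAN_SAMPLE = (  # plain ISO-2022-JP must not be flagged
    b"Subject: =?ISO-2022-JP?B?aGVsbG8=?=\r\n"
    b"Content-Type: text/plain; charset=ISO-2022-JP\r\n\r\nhello\r\n"
)

if __name__ == "__main__":
    for label, raw in [("subject", SUBJECT_SAMPLE), ("mime", MIME_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, flagged_charset_uses(raw))
```

The check matches the charset label exactly, so messages in plain ISO-2022-JP are not flagged.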
Comment 2 Dr. Werner Fink 2021-01-28 10:14:28 UTC
Are you aware that the upstream bug report and patch are for glibc?

(In reply to Wolfgang Frisch from comment #0)
> via oss-security:
> 
> Hello list, I suddenly got interested in mutt attack surface after
> CVE-2021-3181, and some testing found a crash via charset conversion
> in glibc. It's just an abort(), I don't think there's any further impact.
> 
> I believe this would crash anything that does character conversion with
> iconv. Mail clients do automatic charset conversion when they see a
> Subject like:
> 
>     Subject: =?ISO-2022-JP-3?B?.....
> 
> or a MIME header like this:
> 
>     Content-Type: text/plain; charset=ISO-2022-JP-3
> 
> The impact is just that you can't open your mail client, because it
> crashes as soon as it sees the subject.
> 
> Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
> Patch: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
> 
> Thanks, Tavis.
Comment 3 Dr. Werner Fink 2021-01-28 10:16:49 UTC
mutt/mutt-2.0.5> cd iconvdata/
iconvdata/: No such file or directory.
Comment 4 Dr. Werner Fink 2021-01-28 10:19:53 UTC
Created attachment 845601
glibc bug

It's a glibc bug
Comment 5 Wolfgang Frisch 2021-01-28 12:38:43 UTC
CVE-2021-3326

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier,
when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an
assertion in the code path and aborts the program, potentially resulting in a
denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
Comment 6 Wolfgang Frisch 2021-01-28 13:52:32 UTC
Tracking as follows:

SUSE:Carwos:1           Affected
SUSE:SLE-11-SP1:Update  Affected
SUSE:SLE-11-SP3:Update  Affected
SUSE:SLE-12-SP2:Update  Affected
SUSE:SLE-12-SP4:Update  Affected
SUSE:SLE-15:Update      Affected
SUSE:SLE-15-SP3:Update  Affected
Comment 10 Swamp Workflow Management 2021-02-25 23:17:02 UTC
SUSE-SU-2021:0608-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1180038,1181365,1181505,1182117
CVE References: CVE-2019-25013,CVE-2021-3326
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    glibc-2.22-114.5.1
SUSE Linux Enterprise Server 12-SP5 (src):    glibc-2.22-114.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-02-26 23:18:51 UTC
SUSE-SU-2021:0653-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1178386,1179694,1179721,1180038,1181505,1182117
CVE References: CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Manager Retail Branch Server 4.0 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Manager Proxy 4.0 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Server for SAP 15 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Server 15-LTSS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    glibc-2.26-13.56.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE Enterprise Storage 6 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1
SUSE CaaS Platform 4.0 (src):    glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1

Comment 12 Swamp Workflow Management 2021-02-28 02:16:38 UTC
openSUSE-SU-2021:0358-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1178386,1179694,1179721,1180038,1181505,1182117
CVE References: CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    glibc-2.26-lp152.26.6.1, glibc-testsuite-src-2.26-lp152.26.6.1, glibc-utils-src-2.26-lp152.26.6.1
Comment 15 Swamp Workflow Management 2022-08-24 16:17:08 UTC
SUSE-SU-2022:2886-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1027496,1178386,1179694,1179721,1181505,1182117,941234
CVE References: CVE-2015-5180,CVE-2016-10228,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    glibc-2.22-126.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    glibc-2.22-126.1

Comment 16 Marcus Meissner 2022-11-25 09:57:43 UTC
done
Comment 17 Maintenance Automation 2023-02-28 20:30:09 UTC
SUSE-SU-2023:0579-2: An update that solves five vulnerabilities and has one fix can now be installed.

Category: security (important)
Bug References: 1018158, 1178386, 1179694, 1179721, 1181505, 1182117
CVE References: CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-29573, CVE-2021-3326
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): glibc-2.11.3-17.110.43.1
SUSE Linux Enterprise Server 11 SP4 (src): glibc-2.11.3-17.110.43.1

Comment 19 Maintenance Automation 2024-03-05 12:30:01 UTC
SUSE-SU-2024:0759-1: An update that solves five vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1018158, 1178386, 1179694, 1179721, 1181505, 1182117
CVE References: CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-29573, CVE-2021-3326
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): glibc-2.11.3-17.110.43.1
SUSE Linux Enterprise Server 11 SP4 (src): glibc-2.11.3-17.110.43.1
