Bugzilla – Bug 1181505
VUL-0: CVE-2021-3326: glibc: iconv crash with ISO-2022-JP-3 which affects e.g. mutt
Last modified: 2024-03-05 12:30:01 UTC
via oss-security: Hello list, I suddenly got interested in mutt attack surface after CVE-2021-3181, and some testing found a crash via charset conversion glibc. It's just an abort(), I don't think there's any further impact. I believe this would crash anything that does character conversion with iconv. Mail clients do automatic charset conversion when they see a Subject like: Subject: =?ISO-2022-JP-3?B?..... or a MIME header like this: Content-Type: text/plain; charset=ISO-2022-JP-3 The impact is just that you can't open your mail client, because it crashes as soon as it sees the subject. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 Patch: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html Thanks, Tavis.
Are you aware that the upstream bug report and patch is for glibc? (In reply to Wolfgang Frisch from comment #0) > via oss-security: > > Hello list, I suddenly got interested in mutt attack surface after > CVE-2021-3181, and some testing found a crash via charset conversion > glibc. It's just an abort(), I don't think there's any further impact. > > I believe this would crash anything that does character conversion with > iconv. Mail clients do automatic charset conversion when they see a > Subject like: > > Subject: =?ISO-2022-JP-3?B?..... > > or a MIME header like this: > > Content-Type: text/plain; charset=ISO-2022-JP-3 > > The impact is just that you can't open your mail client, because it > crashes as soon as it sees the subject. > > Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 > Patch: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html > > Thanks, Tavis.
mutt/mutt-2.0.5> cd iconvdata/ iconvdata/: No such file or directory.
Created attachment 845601 [details] glibc bug It's a glibc bug
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326 https://sourceware.org/bugzilla/show_bug.cgi?id=27256 https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
Tracking as follows: SUSE:Carwos:1 Affected SUSE:SLE-11-SP1:Update Affected SUSE:SLE-11-SP3:Update Affected SUSE:SLE-12-SP2:Update Affected SUSE:SLE-12-SP4:Update Affected SUSE:SLE-15:Update Affected SUSE:SLE-15-SP3:Update Affected
SUSE-SU-2021:0608-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1180038,1181365,1181505,1182117 CVE References: CVE-2019-25013,CVE-2021-3326 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): glibc-2.22-114.5.1 SUSE Linux Enterprise Server 12-SP5 (src): glibc-2.22-114.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0653-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1178386,1179694,1179721,1180038,1181505,1182117 CVE References: CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 JIRA References: Sources used: SUSE Manager Server 4.0 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Manager Retail Branch Server 4.0 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Manager Proxy 4.0 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Server for SAP 15 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Server 15-LTSS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): glibc-2.26-13.56.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE Enterprise Storage 6 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 SUSE CaaS Platform 4.0 (src): glibc-2.26-13.56.1, glibc-utils-src-2.26-13.56.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0358-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1178386,1179694,1179721,1180038,1181505,1182117 CVE References: CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 JIRA References: Sources used: openSUSE Leap 15.2 (src): glibc-2.26-lp152.26.6.1, glibc-testsuite-src-2.26-lp152.26.6.1, glibc-utils-src-2.26-lp152.26.6.1
SUSE-SU-2022:2886-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1027496,1178386,1179694,1179721,1181505,1182117,941234 CVE References: CVE-2015-5180,CVE-2016-10228,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP3-BCL (src): glibc-2.22-126.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): glibc-2.22-126.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done
SUSE-SU-2023:0579-2: An update that solves five vulnerabilities and has one fix can now be installed. Category: security (important) Bug References: 1018158, 1178386, 1179694, 1179721, 1181505, 1182117 CVE References: CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-29573, CVE-2021-3326 Sources used: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): glibc-2.11.3-17.110.43.1 SUSE Linux Enterprise Server 11 SP4 (src): glibc-2.11.3-17.110.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0759-1: An update that solves five vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1018158, 1178386, 1179694, 1179721, 1181505, 1182117 CVE References: CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-29573, CVE-2021-3326 Sources used: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): glibc-2.11.3-17.110.43.1 SUSE Linux Enterprise Server 11 SP4 (src): glibc-2.11.3-17.110.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.