CVE Vulnerabilities

CVE-2020-27618

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Feb 26, 2021 | Modified: Oct 28, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
LOW

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Glibc Gnu * 2.32 (including)
Red Hat Enterprise Linux 8 RedHat glibc-0:2.28-151.el8 *
Red Hat Enterprise Linux 8 RedHat glibc-0:2.28-151.el8 *
Eglibc Ubuntu esm-infra-legacy/trusty *
Eglibc Ubuntu precise/esm *
Eglibc Ubuntu trusty *
Eglibc Ubuntu trusty/esm *
Glibc Ubuntu bionic *
Glibc Ubuntu esm-infra/xenial *
Glibc Ubuntu focal *
Glibc Ubuntu groovy *
Glibc Ubuntu trusty *
Glibc Ubuntu upstream *
Glibc Ubuntu xenial *

References