CVE-2021-3326
7.5 HIGHThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP...
Published: 2021-01-27 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-617
Affected products
| Vendor | Product |
|---|---|
| debian | communications_cloud_native_core_security_edge_protection_proxy, debian_linux, e-series_santricity_os_controller |
| fujitsu | communications_cloud_native_core_security_edge_protection_proxy, debian_linux, e-series_santricity_os_controller |
| gnu | communications_cloud_native_core_security_edge_protection_proxy, debian_linux, e-series_santricity_os_controller |
| netapp | communications_cloud_native_core_security_edge_protection_proxy, debian_linux, e-series_santricity_os_controller |
| oracle | communications_cloud_native_core_security_edge_protection_proxy, debian_linux, e-series_santricity_os_controller |
Description
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3326
- [Other]http://www.openwall.com/lists/oss-security/2021/01/28/2
- [Other]https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- [Other]https://security.gentoo.org/glsa/202107-07
- [Other]https://security.netapp.com/advisory/ntap-20210304-0007/
- [Other]https://sourceware.org/bugzilla/show_bug.cgi?id=27256
- [Other]https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888
- [Other]https://www.oracle.com/security-alerts/cpuapr2022.html
- [Patch]https://www.oracle.com/security-alerts/cpujan2022.html
- [Other]http://www.openwall.com/lists/oss-security/2021/01/28/2
- [Other]https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- [Other]https://security.gentoo.org/glsa/202107-07
- [Other]https://security.netapp.com/advisory/ntap-20210304-0007/
- [Other]https://sourceware.org/bugzilla/show_bug.cgi?id=27256
- [Other]https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888
- [Other]https://www.oracle.com/security-alerts/cpuapr2022.html
- [Patch]https://www.oracle.com/security-alerts/cpujan2022.html
Related CVEs
Same vendor
- CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
Same CWE
- CVE-2026-52718 — A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad (6.5 MEDIUM)
- CVE-2026-29116 — A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, ...
- CVE-2026-29115 — A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, tr...
- CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
- CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)