GNU C Library iconv Function Assertion Failure Vulnerability in Character Set Conversion

Vulnerability

A denial-of-service vulnerability has been identified in the GNU C Library (glibc) iconv() function, affecting versions through 2.43. When converting inputs from the IBM1390 or IBM1399 character sets, the function may crash due to an assertion failure. This issue can be remotely exploited to crash applications that use these character sets. The vulnerability arises because the combined-word attribute of the IBM1390 and IBM1399 encodings can lead to improper handling of internal buffers, causing the assertion error. This bug is particularly problematic for applications like 'mutt', where such crashes can disrupt access to mail folders.

Impact

Exploitation of this vulnerability causes a crash in the application using the affected version of glibc, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling and running a program that uses the iconv() function to convert text from the IBM1390 or IBM1399 character sets to UTF-8. The program should be crafted to exploit the combined-word attribute of the IBM1390 or IBM1399 encodings, which can be done by including specific byte sequences that trigger the assertion failure. When the program is run, it will cause glibc to report an assertion error, indicating that the output buffer was not properly handled during the conversion process.

Remediation

Users can remove the IBM1390 and IBM1399 character sets from their systems to mitigate this vulnerability.
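As an added check that is not part of this advisory or of glibc itself, the following Python script parses `iconv -l` and `ldd --version` output and reports whether a host runs a glibc release the advisory lists as affected with either converter still registered, so an administrator can confirm that removing the character sets actually took effect. The two `iconv -l` output forms it handles are glibc's (one `NAME//` per line when stdout is not a terminal, a comma-separated list with a prose header when it is), and the sample outputs embedded in it are constructed.

```python
import re
import subprocess

AFFECTED_CHARSETS = ("IBM1390", "IBM1399")  # converters named in the advisory
LAST_AFFECTED_GLIBC = (2, 43)               # advisory: affected "through 2.43"
_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:+/-]*")

# Constructed sample of `iconv -l` output (non-terminal form: one NAME// per line).
SAMPLE_ICONV_LIST = "IBM1364//\nIBM1390//\nIBM1399//\nUTF-8//\n"
SAMPLE_LDD_VERSION = "ldd (GNU libc) 2.39\n"  # constructed; not a real host

def parse_iconv_list(text: str) -> set[str]:
    """Charset names from `iconv -l`.  glibc prints one `NAME//` per line when
    stdout is not a terminal, or a comma-separated wrapped list preceded by a
    prose header when it is; both forms are handled.  Names are upper-cased
    because iconv matches them case-insensitively."""
    names = set()
    for line in text.splitlines():
        for item in line.split(","):
            item = item.strip().rstrip("/")
            if item and _NAME.fullmatch(item):  # prose header words never match
                names.add(item.upper())
    return names

def parse_glibc_version(text: str):
    """(major, minor) from `ldd --version` or `getconf GNU_LIBC_VERSION` output."""
    m = re.search(r"\b(\d+)\.(\d+)\b", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def assess(iconv_list: str, version_text: str) -> dict:
    """Exposed only if glibc is an affected release AND at least one of the two
    converters is still registered; removing both (the advisory's mitigation)
    clears the finding even on an unpatched glibc."""
    present = sorted(c for c in AFFECTED_CHARSETS if c in parse_iconv_list(iconv_list))
    version = parse_glibc_version(version_text)
    affected_release = version is not None and version <= LAST_AFFECTED_GLIBC
    return {"glibc": version, "present": present,
            "exposed": affected_release and bool(present)}

def assess_host() -> dict:
    """Run the two commands on the local (glibc-based Linux) host."""
    def run(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    return assess(run("iconv", "-l"), run("ldd", "--version"))

if __name__ == "__main__":
    print("sample:", assess(SAMPLE_ICONV_LIST, SAMPLE_LDD_VERSION))
    print("host:  ", assess_host())
```

Because `iconv -l` is built from the gconv-modules configuration rather than by probing the shared objects, a converter deleted without updating that configuration will still be listed; in that case a failing `iconv_open()` for IBM1390 and IBM1399 is the stronger confirmation.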

Added: Mar 30, 2026, 6:22 PM
Updated: Mar 30, 2026, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.6
remediation: 7.9
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.