GNU C Library Buffer Under-read Vulnerability in Wide Character Handling

A vulnerability exists in the GNU C Library (glibc) in versions through 2.43, where the ungetwc function can be misused on FILE streams containing wide characters. This issue arises with character encodings that overlap single-byte and multi-byte representations, leading to potential buffer under-reads. The flaw is caused by a bug in the wide character pushback implementation, which incorrectly uses the regular character buffer instead of the wide-stream read pointer. As a result, there may be an attempt to read bytes before an allocated buffer, unintentionally disclosing neighboring heap data or causing a program crash.

Impact

Exploitation of this vulnerability can lead to a buffer under-read, allowing for the unintended disclosure of adjacent heap data, or causing a program crash. The under-read requires a specific encoding condition where single-byte and multi-byte representations overlap, creating false matches.