CVE-2021-3326
📋 TL;DR
This vulnerability in the GNU C Library's iconv function is an assertion failure: when iconv converts invalid input sequences in the ISO-2022-JP-3 encoding, the gconv module fails an internal assertion and the process aborts with SIGABRT. Any application that passes attacker-influenced data to glibc's iconv() with ISO-2022-JP-3 as the source encoding (the iconv command-line tool included) can be crashed, a denial of service; no memory corruption is involved. Upstream glibc 2.32 and earlier is affected, the fix shipped in 2.33, and several distributions backported it to older package versions without changing the upstream version number.
💻 Affected Systems
- GNU C Library (glibc), upstream 2.32 and earlier
- Linux distributions shipping glibc (Debian and Gentoo published advisories; see References)
- Vendor products listed as affected in their own advisories: NetApp E-Series SANtricity OS Controller; Oracle Communications Cloud Native Core Security Edge Protection Proxy (Oracle Critical Patch Updates January and April 2022)
📦 What is this software?
Glibc by GNU
The GNU C Library (glibc) is the core C library for Linux systems, providing the system-call wrappers and basic runtime functions that nearly every C program, and transitively nearly every Linux application, depends on. Its iconv() family (iconv_open, iconv, iconv_close, and the iconv command-line tool) converts text between character encodings through loadable gconv modules; the ISO-2022-JP-3 module is the one affected here.
⚠️ Risk & Real-World Impact
Worst Case
A remote attacker crashes a network-facing service by sending input that the service converts from ISO-2022-JP-3 with glibc's iconv, for example a mail or web handler that converts user-supplied text in whatever charset the request declares. Every crafted message kills the handling process; without a supervisor restarting it, that is a complete denial of service for the application. The failure is an assertion abort, not memory corruption, so code execution is not in scope.
Likely Case
Local or remote attackers cause application crashes in the services that convert from ISO-2022-JP-3, either because they handle that encoding directly or because they accept an attacker-chosen charset name, resulting in temporary service disruption until the process is restarted.
If Mitigated
With a patched glibc installed and affected processes restarted, invalid ISO-2022-JP-3 input is reported as a conversion error (EILSEQ) instead of aborting, and there is no impact. Refusing the encoding wherever it is not needed removes the exposure even before patching.
🎯 Exploit Status
Exploitation requires delivering invalid ISO-2022-JP-3 input to a program that converts from that encoding with glibc's iconv (the iconv command-line tool included); no privileges or memory corruption are involved, and the result is an assertion failure and SIGABRT. The upstream bug report includes trigger examples.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: glibc 2.33 and later (upstream commit 7d88c6142c6efc160c0ee5e4f85cde382c072888, glibc bug 27256); distributions backported the same commit to older package versions
Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Restart Required: Yes. Running processes keep the old libc mapped until they are restarted.
Instructions:
1. Update glibc through your distribution's package manager to a build that contains the fix: upstream 2.33 or later, or a patched distribution package for an older series.
2. Debian/Ubuntu: sudo apt-get update && sudo apt-get install --only-upgrade libc6
3. RHEL/CentOS/Fedora: sudo yum update glibc (or sudo dnf update glibc)
4. Restart every affected service (anything that calls iconv, which in practice means most long-running daemons) or reboot, then confirm with the checks under How to Verify.
🔧 Temporary Workarounds
Disable ISO-2022-JP-3 encoding
Remove or disable ISO-2022-JP-3 support where it is not required: refuse that charset name at the application boundary (an allowlist of the encodings the service actually needs), or, as a blunt system-wide measure, remove the ISO-2022-JP-3 gconv module from glibc's gconv module directory so that iconv_open() fails cleanly for that encoding instead of the conversion aborting later. Reinstalling or upgrading the glibc package restores the module.
Input validation
Reject text declared as ISO-2022-JP-3 before it reaches iconv. Fully validating ISO-2022-JP-3 byte sequences means reimplementing the decoder, so in practice this is a case-insensitive check on the charset name rather than byte-level filtering.
🧯 If You Can't Patch
- At the application boundary, reject inputs whose declared charset is ISO-2022-JP-3 (compare the name case-insensitively, for example in MIME or HTTP Content-Type headers); network-level filtering cannot reliably identify this encoding and is a weaker substitute
- Isolate the conversion: run iconv() for untrusted input in a separate process (or shell out to the iconv command-line tool), so that a gconv assertion aborts only that process and the service reports an error instead of dying
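The two application-level measures above, refusing the encoding where it is not needed and keeping an iconv failure from taking the whole service down, as an added example that is not glibc's code nor code from any project on this page: an allowlist of source charsets, plus running iconv() for untrusted input in a forked child so that a gconv-module abort comes back to the caller as a status code. It deliberately does not try to pre-validate ISO-2022-JP-3 bytes, which would mean reimplementing the decoder. The allowlist contents, the outcome codes, the function names and the constructed inputs (a Latin-1 "café", and a worker that simply calls abort() to stand in for the failed assertion) are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes; CONV_CRASHED is set only by the parent, when the child died from a signal. */
enum { CONV_OK = 0, CONV_REFUSED = 1, CONV_INVALID = 2, CONV_ERROR = 3, CONV_CRASHED = 4 };

/* Assumption for this example: the only source encodings this service needs; all else is refused. */
static const char *const allowed_charsets[] = { "UTF-8", "ISO-8859-1", "SHIFT_JIS", NULL };

int charset_allowed(const char *cs)
{
    for (const char *const *p = allowed_charsets; *p; p++)
        if (strcasecmp(*p, cs) == 0) return 1;
    return 0;
}

struct conv_job { const char *from; const char *in; size_t inlen; };
/* Child-side worker: convert job->in to UTF-8 into fd. A gconv assertion aborts only this child. */
int iconv_worker(void *arg, int fd)
{
    struct conv_job *job = arg;
    iconv_t cd = iconv_open("UTF-8", job->from);
    if (cd == (iconv_t)-1) return CONV_ERROR;      /* unknown encoding or missing module */
    char *inp = (char *)job->in;
    size_t inleft = job->inlen;
    int rc = CONV_OK, done = 0;
    while (!done) {
        char buf[256], *outp = buf;
        size_t outleft = sizeof buf, r;
        if (inleft)
            r = iconv(cd, &inp, &inleft, &outp, &outleft);
        else {
            r = iconv(cd, NULL, NULL, &outp, &outleft); /* flush any shift-state reset */
            done = 1;
        }
        if (write(fd, buf, sizeof buf - outleft) < 0) { rc = CONV_ERROR; break; }
        if (r == (size_t)-1 && errno == E2BIG) { done = 0; continue; }  /* more to drain */
        if (r == (size_t)-1) { rc = CONV_INVALID; break; }             /* EILSEQ / EINVAL */
    }
    iconv_close(cd);
    return rc;
}

/* Stand-in for a converter that trips a fatal assertion, to show the caller survives. */
int aborting_worker(void *arg, int fd) { (void)arg; (void)fd; abort(); }

/* Run fn in a forked child and collect what it writes to the pipe into out. */
int run_isolated(int (*fn)(void *, int), void *arg, char *out, size_t outcap, size_t *outlen)
{
    int pfd[2], status = 0, truncated = 0;
    size_t n = 0;
    if (pipe(pfd) < 0) return CONV_ERROR;
    pid_t pid = fork();
    if (pid < 0) return CONV_ERROR;
    if (pid == 0) { close(pfd[0]); _exit(fn(arg, pfd[1])); }   /* child */
    close(pfd[1]);
    for (;;) {                        /* read to EOF so the child never blocks on a full pipe */
        char scratch[256];
        char *dst = n < outcap ? out + n : scratch;
        size_t room = n < outcap ? outcap - n : sizeof scratch;
        ssize_t r = read(pfd[0], dst, room);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) break;
        if (dst == scratch) truncated = 1; else n += (size_t)r;
    }
    close(pfd[0]);
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {}
    *outlen = n;
    if (WIFSIGNALED(status)) return CONV_CRASHED;  /* e.g. SIGABRT from the gconv assertion */
    return truncated ? CONV_ERROR : WEXITSTATUS(status);
}

/* Entry point for untrusted text: allowlist the charset, then convert in isolation. */
int convert_untrusted(const char *charset, const char *in, size_t inlen, char *out, size_t outcap, size_t *outlen)
{
    *outlen = 0;
    if (!charset_allowed(charset)) return CONV_REFUSED;
    struct conv_job job = { charset, in, inlen };
    return run_isolated(iconv_worker, &job, out, outcap, outlen);
}

int main(void)
{   /* constructed inputs: Latin-1 "café", then a worker that aborts like a failed assertion */
    char out[64]; size_t n;
    int rc = convert_untrusted("ISO-8859-1", "caf\xe9", 4, out, sizeof out, &n);
    printf("ISO-8859-1 -> rc=%d, %.*s\n", rc, (int)n, out);
    rc = run_isolated(aborting_worker, NULL, out, sizeof out, &n);
    printf("aborting worker -> rc=%d (CONV_CRASHED=%d), caller survived\n", rc, CONV_CRASHED);
    return 0;
}
```

Build with cc -Wall -o safe_iconv safe_iconv.c on a glibc system. A fork per conversion is the simplest form of isolation; a long-lived helper process or a seccomp-confined worker gives the same property at lower cost. When the child aborts, the kernel may still write a core file subject to the process's core limit, which is worth capping in production.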
🔍 How to Verify
Check if Vulnerable:
Check the glibc version with ldd --version | head -1. Upstream versions 2.32 and earlier are vulnerable unless the distribution backported the fix, which Debian and others did without changing the upstream version number; on such systems check the package changelog (the rpm changelog for glibc, or /usr/share/doc/libc6/changelog.Debian.gz on Debian-derived systems) for CVE-2021-3326 or glibc bug 27256.
Check Version:
ldd --version | head -1
Verify Fix Applied:
Confirm the glibc version is 2.33 or later, or that the package changelog records the CVE-2021-3326 backport. For a behavioural check, feed the trigger from the bug report to the iconv command-line tool in a throwaway shell: a vulnerable build aborts with an assertion failure (shell exit status 134), a fixed build rejects the input with "illegal input sequence" and exit status 1. Finally confirm that no long-running process still has the old library mapped, i.e. that affected services were restarted after the upgrade.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with an assertion-failure message ("Assertion ... failed") from glibc's iconv/gconv code, typically immediately after a conversion from ISO-2022-JP-3
- Core dumps, or systemd-coredump / abrt records showing SIGABRT, for processes that perform character-set conversion
Network Indicators:
- Unusual requests or messages declaring the ISO-2022-JP-3 charset (for example in MIME or HTTP Content-Type headers) to services that convert user-supplied text
- Sudden service termination after receiving specific character sequences
SIEM Query:
source="application_logs" AND ("Assertion" OR "SIGABRT" OR "iconv" OR "ISO-2022-JP-3") AND ("crash" OR "abort" OR "core dumped")
🔗 References
- http://www.openwall.com/lists/oss-security/2021/01/28/2
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://security.gentoo.org/glsa/202107-07
- https://security.netapp.com/advisory/ntap-20210304-0007/
- https://sourceware.org/bugzilla/show_bug.cgi?id=27256
- https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html