Cyber Resilience

CVE-2021-43396

High · Public PoC

Published: 04 November 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0060 (69.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-43396 is a high-severity vulnerability with an unspecified weakness type in Oracle Enterprise Operations Monitor. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 30.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
gnu | glibc | 2.34
oracle | communications cloud native core binding support function | 22.1.3
oracle | communications cloud native core network function cloud native environment | 22.1.0
oracle | communications cloud native core network repository function | 22.1.2, 22.2.0
oracle | communications cloud native core security edge protection proxy | 22.1.1
oracle | communications cloud native core unified data repository | 22.2.0
oracle | enterprise operations monitor | 4.3, 4.4, 5.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References