anonhaven
Ad

CVE-2026-4046

HIGH CVSS 3.1: 7.5 EPSS 0.05%
Updated Apr 07, 2026
Gnu
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions before 2.43
Type CWE-617
Vendor Gnu
Public PoC No

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-617

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Gnu Glibc
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
 <= 2.43

References 2

https://sourceware.org/bugzilla/show_bug.cgi?id=33980
3ff69d7a-14f2-4f67-a097-88dee7810d18
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026…
3ff69d7a-14f2-4f67-a097-88dee7810d18
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4647

Red Hat

6.1

CVE-2026-4438

Gnu

5.4

CVE-2026-4437

Gnu

7.5

CVE-2026-3442

Gnu

7.1

CVE-2026-3441

Gnu

7.1