Vigil@nce - FreeBSD: NULL pointer dereference via iconv
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can transmit malicious GB2312+HZ or VIQR data to a
FreeBSD application using iconv, in order to trigger a denial of
service.
Impacted products: FreeBSD
Severity: 2/4
Creation date: 25/06/2014
DESCRIPTION OF THE VULNERABILITY
The iconv library converts the character encoding of data.
However, when a GB2312+HZ text is converted, iconv does not check
if a pointer is NULL, before using it. A VIQR text also forces
iconv to read at an invalid memory address.
An attacker can therefore transmit malicious GB2312+HZ or VIQR
data to a FreeBSD application using iconv, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-NULL-pointer-dereference-via-iconv-14934