musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Basic Information

ID CVE-2026-6042

Source VulDB

Published Apr 10, 2026 at 09:00

Modified Apr 10, 2026 at 15:54

Affected Product

Vendor musl

Product libc

Version 1.2.0

Affected Versions musl libc 1.2.0
musl libc 1.2.1
musl libc 1.2.2
musl libc 1.2.3
musl libc 1.2.4
musl libc 1.2.5
musl libc 1.2.6

CWE Classification

CWE-407 CWE-404

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.",
    "published": "2026-04-10T09:00:18.733Z",
    "modified": "2026-04-10T15:54:06.200Z",
    "type": "cve",
    "title": "musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356620\nhttps://vuldb.com/vuln/356620/cti\nhttps://vuldb.com/submit/796352\nhttps://www.openwall.com/lists/oss-security/2026/04/02/10\nhttps://www.openwall.com/lists/oss-security/2026/04/03/2",
    "id": "CVE-2026-6042",
    "bulletinFamily": "",
    "cwe": [
        "CWE-407",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "musl libc 1.2.0\nmusl libc 1.2.1\nmusl libc 1.2.2\nmusl libc 1.2.3\nmusl libc 1.2.4\nmusl libc 1.2.5\nmusl libc 1.2.6",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libc",
    "version": "1.2.0",
    "vendor": "musl",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity_CVE-2026-6042