NULL pointer dereference vulnerability in HZ module in iconv implementation in FreeBSD 10.0 and NetBSD

NULL pointer dereference vulnerability in HZ module in iconv implementation in FreeBSD 10.0 and NetBSD

CVE-2014-3951 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.

Learn more about our Web Application Penetration Testing UK.