FreeBSD : FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access (6f91a709-6007-11e6-a6c3-14dae9d210b8)
Medium Nessus Plugin ID 92904
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash. Impact : Services where an attacker can control the arguments of an iconv_open(3) call can be caused to crash resulting in a denial-of-service. For example, an email encoded in HZ may cause an email delivery service to crash if it converts emails to a more generic encoding like UTF-8 before applying filtering rules.
SolutionUpdate the affected package.