CVE-2014-5119

glibc < 2.20 - Denial of Service and Remote Code Execution via CHARSET Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5119. PoCs published by taviso & scarybeasts.

AI-analyzed exploit summary This exploit targets a heap corruption vulnerability in glibc's __gconv_translit_find() function (CVE-2014-5119). It manipulates environment variables to trigger a corrupted double-linked list error, then parses the resulting crash dump to extract memory addresses for further exploitation.

Description

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Exploits (1)

exploitdb WORKING POC VERIFIED
by taviso & scarybeasts · clocallinux
https://www.exploit-db.com/exploits/34421

This exploit targets a heap corruption vulnerability in glibc's __gconv_translit_find() function (CVE-2014-5119). It manipulates environment variables to trigger a corrupted double-linked list error, then parses the resulting crash dump to extract memory addresses for further exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: glibc (specifically versions with vulnerable __gconv_translit_find())
No auth needed
Prerequisites: Vulnerable glibc version · Ability to set environment variables · Access to execute the exploit binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60441
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/08/13/5
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69738
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1118.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2014-1110.html
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60345
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61093
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201602-02
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/07/14/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68983
Issue Tracking, Third Party Advisory x_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=17187
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Aug/69
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3012
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61074
Third Party Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2015-0092.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60358

Scores

EPSS 0.2151
EPSS Percentile 95.9%

Details

CWE
CWE-189
Status published
Products (2)
debian/debian_linux 7.0
gnu/glibc < 2.20
Published Aug 29, 2014
Tracked Since Feb 18, 2026