The GB18030 4-byte decoder in musl libc's iconv() implementation contains a gap-skipping loop that performs a full linear scan of the gb18030126 lookup table on each iteration of an outer loop whose iteration count is input-dependent, allowing a remote attacker to cause denial of service via CPU exhaustion by sending a crafted GB18030 payload.
| Vendor | Product | Versions |
|---|---|---|
| musl | libc | 0.8.0 to 1.2.6 |
