Platform: linux
Component: musl
Fixed in: 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7
A security vulnerability has been identified in musl libc versions 1.2.0 through 1.2.6. This flaw resides within the GB18030 4-byte Decoder's iconv function, resulting in inefficient algorithmic complexity. While the attack requires local initiation, it can potentially lead to resource exhaustion. A patch is recommended to resolve this issue.
The vulnerability stems from an inefficient algorithmic complexity within the iconv function of the GB18030 4-byte Decoder. An attacker with local access could exploit this by crafting specific input that triggers the inefficient algorithm. This could lead to excessive CPU usage, memory consumption, or other resource exhaustion, potentially impacting the stability and performance of the system. While not a direct code execution vulnerability, the resource exhaustion could be leveraged to cause a denial-of-service condition or disrupt critical services.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available. The CVSS score of 3.3 (LOW) indicates a relatively low probability of exploitation in the wild, but the local access requirement should be considered. The vulnerability was disclosed on 2026-04-10.
EPSS: 0.01% (3% percentile)
The primary mitigation for CVE-2026-6042 is to upgrade to a patched version of musl libc. Consult your distribution's package manager for available updates. If upgrading is not immediately feasible because of compatibility concerns or system downtime requirements, consider implementing resource limits (e.g., using cgroups on Linux) to restrict the resources available to processes using the affected iconv function. Monitor system resource usage closely for any signs of unusual activity. After upgrading, confirm the installed musl libc version by running the musl dynamic loader with no arguments (on x86_64, /lib/ld-musl-x86_64.so.1), which prints the version.
Apply the patch provided by the vendor to mitigate the inefficient algorithmic complexity in the musl libc GB18030 4-byte Decoder. Refer to the reference sources for more details about the patch and its application.
CVE-2026-6042 is a LOW severity vulnerability in musl libc versions 1.2.0–1.2.6 affecting the GB18030 4-byte Decoder's iconv function. It results in inefficient algorithmic complexity, potentially leading to resource exhaustion.
You are affected if your system is running musl libc versions 1.2.0 through 1.2.6. Check your version using your distribution's package manager.
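The version check described above, as an added example that is not part of the advisory or of musl: it reads the banner musl's dynamic loader prints when run with no arguments and compares the version with the 1.2.0 through 1.2.6 range. The loader path pattern /lib/ld-musl-*.so.1, the function names and the sample banner are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a musl version against the range the advisory
# names as affected (1.2.0 through 1.2.6). A version number cannot show a
# fix that a distribution backported; check the package changelog too.

# Pull "X.Y.Z" out of the loader banner, which has a line "Version X.Y.Z".
# A snapshot suffix such as "-git-8-gabc" is dropped, keeping the base release.
musl_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print affected / outside-range / unknown for a version string.
musl_cve_2026_6042_status() {
    case "$1" in
        1.2.[0-6]) echo affected ;;
        *[!0-9.]*|"") echo unknown ;;
        [0-9]*.[0-9]*.[0-9]*) echo outside-range ;;
        *) echo unknown ;;
    esac
}

# Run each musl loader found under /lib with no arguments. It prints its
# banner to stderr and exits non-zero, which is expected.
check_local_musl() {
    found=0
    for ld in /lib/ld-musl-*.so.1; do
        [ -x "$ld" ] || continue
        found=1
        banner=$("$ld" 2>&1) || true
        ver=$(musl_version_from_banner "$banner")
        echo "$ld: version ${ver:-?} -> $(musl_cve_2026_6042_status "$ver")"
    done
    [ "$found" -eq 1 ] || echo "no musl loader under /lib"
    return 0
}

# Constructed banner, so the parser can be exercised on a non-musl host.
sample='musl libc (x86_64)
Version 1.2.5
Dynamic Program Loader'
echo "sample: $(musl_cve_2026_6042_status "$(musl_version_from_banner "$sample")")"

check_local_musl
```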
Upgrade to a patched version of musl libc. Consult your distribution's package manager for available updates. Resource limits can be used as a temporary workaround.
There is no confirmed active exploitation of CVE-2026-6042 at this time, but the local access requirement should be considered.
Refer to your Linux distribution's security advisories for information related to CVE-2026-6042 and musl libc updates.