CVE-2019-25013

CWE-125 — Out-of-bounds Read CWE-119 — Buffer Overflow11 documents8 sources

Severity

5.9MEDIUM

EPSS

0.8%

top 25.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Debian Debian Linux Fedoraproject Fedora

Timeline

PublishedJan 4

Latest updateDec 8

Description

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Debianglibc< 2.31-9+3

▶Ubuntuglibc< 2.27-3ubuntu1.5+2

▶NVDgnu/glibc2.32

Also affects: Debian Linux 10.0, Fedora 32, 33

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

glibc vulnerabilities↗2022-12-08

▶

GHSA

GHSA-px78-549m-fc45: The iconv feature in the GNU C Library (aka glibc or libc6) through 2↗2022-05-24

▶

OSV

glibc vulnerabilities↗2022-03-01

▶

OSV

CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2↗2021-01-04

▶

CVEList

CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2↗2021-01-04

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2022-12-08

▶

Ubuntu

GNU C Library vulnerabilities↗2022-03-01

▶

Microsoft

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32 when processing invalid multi-byte input sequences in the EUC-KR encoding may have a buffer over-read.↗2021-01-12

▶

Red Hat

glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding↗2019-09-06

▶

Debian

CVE-2019-25013: glibc - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when p...↗2019

▶