CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a…

medium5.9CVSS 3.1

AVNACHPRNUINSUCNINAH

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	glibc	< glibc 2.31-9 (bookworm)	glibc 2.31-9 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	glibc	<= 2.32	—
gnu	glibc	>= 0 < 2.31-9	2.31-9
gnu	glibc	>= 0 < 2.31-9	2.31-9
gnu	glibc	>= 0 < 2.31-9	2.31-9
gnu	glibc	>= 0 < 2.31-9	2.31-9
gnu	glibc	>= 0 < 2.27-3ubuntu1.5	2.27-3ubuntu1.5
gnu	glibc	>= 0 < 2.31-0ubuntu9.7	2.31-0ubuntu9.7
gnu	glibc	>= 0 < 2.23-0ubuntu11.3+esm3	2.23-0ubuntu11.3+esm3
msrc	cm1_glibc_2.28-16_on_cbl_mariner_1.0	—	—
paloalto	pan-os	—	—

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

osv5.9MEDIUM