CVE-2019-5600
Published: 2019-07-03
Priority: P2 · 60 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.86% (90.9th percentile)
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability resides in the iconv(3) implementation within FreeBSD libc. Monitor for out-of-bounds write conditions triggered by iconv calls, particularly in daemons or applications processing attacker-controlled character encoding conversions.
- Stack canaries (-fstack-protector) are enabled by default on FreeBSD and provide partial defense against code injection via this vulnerability, but do NOT prevent denial-of-service exploitation. Detection of crashes or abnormal termination in iconv-using daemons may indicate exploitation attempts.
- Identify vulnerable FreeBSD versions in scope: 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11.
- No workaround is available for this vulnerability. The only mitigation is patching to a corrected FreeBSD version or revision.
- The exploitability and attack surface depend entirely on how iconv is used by individual applications or daemons on the system; there is no single universal attack vector.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 7.4 | HIGH | — |
BSD
FreeBSD-SA-19:09.iconv: iconv buffer overflow
bsd_advisories · 2019-07-02 · CVSS 9.8
CVE-2019-5600 [CRITICAL] FreeBSD-SA-19:09.iconv: iconv buffer overflow
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project
Topic: iconv buffer overflow
Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli, NetFence
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE)
           2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7)
           2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE)
           2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1)
           2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name: CVE-2019-5600
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
The iconv(3) API converts text data from one character encoding to another
and is available
Cisco
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
vendor_cisco · 2019-03-06 · CVSS 7.4
CVE-2019-1595 [HIGH] CWE-913 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that addr
GHSA
GHSA-7834-45vp-q83w: In FreeBSD 12
ghsa_unreviewed · 2022-05-24
CVE-2019-5600 [CRITICAL] GHSA-7834-45vp-q83w: In FreeBSD 12
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.
No detection rules found.
No public exploits indexed.
References
- http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc