CVE-2020-25013
Published 2020-11-16
CVE-2020-25013: JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
Priority: P434 | high | 7.5 | CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.37% (68.4th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | glibc | >= 0 < 2.27-3ubuntu1.5 | 2.27-3ubuntu1.5 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.7 | 2.31-0ubuntu9.7 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm3 | 2.23-0ubuntu11.3+esm3 |
| jetbrains | toolbox | < 1.18 | 1.18 |
| msrc | cbl2_toolbox_0.0.18-9_on_cbl_mariner_2.0 | — | — |
CVSS provenance
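| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.9 | MEDIUM | — |
| vendor_msrc | — | 7.5 | HIGH | — |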
OSV
glibc vulnerabilities
osv·2022-12-08·CVSS 5.9
CVE-2016-10228 glibc vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)
It was discovered that the GNU C Library did not properly handle DNS
responses when EDNS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)
GHSA
GHSA-q292-fcwh-4fmh: JetBrains ToolBox before version 1
ghsa_unreviewed·2022-05-24
CVE-2020-25013 [HIGH] GHSA-q292-fcwh-4fmh: JetBrains ToolBox before version 1
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
OSV
glibc vulnerabilities
osv·2022-03-01·CVSS 5.9
CVE-2016-10228 glibc vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618,
CVE-2020-29562, CVE-2021-3326)
Jason Royes and Samuel Dytrych discovered that the GNU C Library
incorrectly handled signed comparisons on ARMv7 targets. A remote attacker
could use this issue to cause the GNU C Library to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-6096)
It was discovered that the
Microsoft
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
vendor_msrc·2020-11-10·CVSS 7.5
CVE-2020-25013 [HIGH] JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-11-16