Vulnerability Description
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | <= 2.32 |
| Fedoraproject | Fedora | 32 |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Service Processor | - |
| Broadcom | Fabric Operating System | - |
| Netapp | A250 Firmware | - |
| Netapp | A250 | - |
| Netapp | 500F Firmware | - |
| Netapp | 500F | - |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7af
- https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d812
- https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51b
- https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d70
- https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9ee
- https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b22556
- https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9
- https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202107-07 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210205-0004/ (Third Party Advisory)
- https://sourceware.org/bugzilla/show_bug.cgi?id=24973 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2019-25013?
CVE-2019-25013 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
How severe is CVE-2019-25013?
CVE-2019-25013 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-25013?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Fedoraproject Fedora, Netapp Ontap Select Deploy Administration Utility, Netapp Service Processor, Broadcom Fabric Operating System.