CVE-2019-25013

medium
Description

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

References

https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

https://lists.fedoraproject.org/archives/list/[email protected]/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/

https://security.netapp.com/advisory/ntap-20210205-0004/

https://lists.apache.org/thread.html/[email protected]%3Cdev.mina.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.kafka.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.zookeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/rd2354f9ccce4[email protected]%3Cissues.zookeeper.apache.org%3E

Details

Source: MITRE

Published: 2021-01-04

Updated: 2021-07-06

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 151518 | Amazon Linux AMI : glibc (ALAS-2021-1511) | Nessus | Amazon Linux Local Security Checks | low |
| 151398 | EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2021-2136) | Nessus | Huawei Local Security Checks | medium |
| 150034 | CentOS 8 : glibc (CESA-2021:1585) | Nessus | CentOS Local Security Checks | critical |
| 149915 | Oracle Linux 8 : glibc (ELSA-2021-1585) | Nessus | Oracle Linux Local Security Checks | critical |
| 149664 | RHEL 8 : glibc (RHSA-2021:1585) | Nessus | Red Hat Local Security Checks | critical |
| 149140 | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790) | Nessus | Huawei Local Security Checks | high |
| 148630 | EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2021-1713) | Nessus | Huawei Local Security Checks | medium |
| 148587 | EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2021-1750) | Nessus | Huawei Local Security Checks | medium |
| 148082 | EulerOS 2.0 SP5 : glibc (EulerOS-SA-2021-1676) | Nessus | Huawei Local Security Checks | low |
| 148029 | Photon OS 4.0: Glibc PHSA-2021-4.0-0005 | Nessus | PhotonOS Local Security Checks | medium |
| 147607 | EulerOS Virtualization 3.0.2.6 : glibc (EulerOS-SA-2021-1412) | Nessus | Huawei Local Security Checks | high |
| 147592 | EulerOS Virtualization 3.0.6.6 : glibc (EulerOS-SA-2021-1477) | Nessus | Huawei Local Security Checks | low |
| 147455 | EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2021-1382) | Nessus | Huawei Local Security Checks | medium |
| 147065 | EulerOS Virtualization for ARM 64 3.0.6.0 : glibc (EulerOS-SA-2021-1537) | Nessus | Huawei Local Security Checks | medium |
| 146924 | SUSE SLES12 Security Update : glibc (SUSE-SU-2021:0608-1) | Nessus | SuSE Local Security Checks | medium |
| 146916 | openSUSE Security Update : glibc (openSUSE-2021-358) | Nessus | SuSE Local Security Checks | medium |
| 146903 | SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2021:0653-1) | Nessus | SuSE Local Security Checks | medium |
| 146655 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2021-1299) | Nessus | Huawei Local Security Checks | medium |
| 146627 | Amazon Linux 2 : glibc (ALAS-2021-1605) | Nessus | Amazon Linux Local Security Checks | high |
| 146625 | Amazon Linux 2 : glibc (ALAS-2021-1599) | Nessus | Amazon Linux Local Security Checks | medium |
| 146101 | Oracle Linux 7 : glibc (ELSA-2021-0348) | Nessus | Oracle Linux Local Security Checks | medium |
| 146097 | CentOS 7 : glibc (CESA-2021:0348) | Nessus | CentOS Local Security Checks | medium |
| 146081 | RHEL 7 : glibc (RHSA-2021:0348) | Nessus | Red Hat Local Security Checks | medium |
| 146062 | Scientific Linux Security Update : glibc on SL7.x i686/x86_64 (2021:0348) | Nessus | Scientific Linux Local Security Checks | medium |
| 145715 | EulerOS 2.0 SP8 : glibc (EulerOS-SA-2021-1142) | Nessus | Huawei Local Security Checks | medium |
| 145696 | Photon OS 3.0: Glibc PHSA-2021-3.0-0189 | Nessus | PhotonOS Local Security Checks | medium |
| 145694 | Photon OS 2.0: Glibc PHSA-2021-2.0-0315 | Nessus | PhotonOS Local Security Checks | medium |
| 145232 | Photon OS 1.0: Glibc PHSA-2021-1.0-0354 | Nessus | PhotonOS Local Security Checks | medium |
| 145196 | Fedora 32 : glibc (2021-6e581c051a) | Nessus | Fedora Local Security Checks | high |
| 145122 | Fedora 33 : glibc (2021-6feb090c97) | Nessus | Fedora Local Security Checks | medium |