CVE-2019-25013
Summary
| CVE | CVE-2019-25013 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-04 18:15:00 UTC |
| Updated | 2023-11-09 14:44:00 UTC |
| Description | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Kafka | 2.6.0 | All | All | All |
| Operating System | Broadcom | Fabric Operating System | - | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Application | Gnu | Glibc | All | All | All | All |
| Hardware | Netapp | 500f | - | All | All | All |
| Operating System | Netapp | 500f Firmware | - | All | All | All |
| Hardware | Netapp | A250 | - | All | All | All |
| Operating System | Netapp | A250 Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller 500f | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller 500f Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller A250 | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller A250 Firmware | - | All | All | All |
| Operating System | Netapp | Brocade Fabric Operating System Firmware | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Netapp | Service Processor | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | lists.apache.org | ||
| sourceware.org Git - glibc.git/commit | sourceware.org | ||
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| sourceware.org Git - glibc.git/commit | MISC | sourceware.org | Patch, Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| CVE-2019-25013 GNU C (glibc) Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [SECURITY] Fedora 32 Update: glibc-2.31-5.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| [SECURITY] Fedora 33 Update: glibc-2.32-3.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| glibc: Multiple vulnerabilities (GLSA 202107-07) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 32 Update: glibc-2.31-5.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] [DLA 3152-1] glibc security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 33 Update: glibc-2.32-3.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | lists.apache.org | ||
| 24973 – (CVE-2019-25013) iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) | MISC | sourceware.org | Issue Tracking, Patch, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159188 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-1585)
- 159249 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-9280)
- 159295 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-9344)
- 181138 Debian Security Update for glibc (DLA 3152-1)
- 198685 Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-5310-1)
- 239336 Red Hat Update for glibc (RHSA-2021:1585)
- 352480 Amazon Linux Security Advisory for glibc: ALAS-2021-1511
- 375957 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) glibc Vulnerability (K68251873)
- 377268 Alibaba Cloud Linux Security Update for glibc (ALINUX2-SA-2021:0005)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 6140244 AWS Bottlerocket Security Update for glibc (GHSA-6c9g-m6gc-qg7j)
- 670176 EulerOS Security Update for glibc (EulerOS-SA-2021-1676)
- 670286 EulerOS Security Update for glibc (EulerOS-SA-2021-1790)
- 670842 EulerOS Security Update for glibc (EulerOS-SA-2021-1790)
- 670849 EulerOS Security Update for glibc (EulerOS-SA-2021-1676)
- 710069 Gentoo Linux glibc Multiple vulnerabilities (GLSA 202107-07)
- 730228 McAfee Web Gateway Multiple Vulnerabilities (WP-3445, WP-3483, WP-3527, WP-3528, WP-3547, WP-3584,WP-3589,WP-3611)
- 750341 OpenSUSE Security Update for glibc (openSUSE-SU-2021:0358-1)
- 900226 CBL-Mariner Linux Security Update for glibc 2.28
- 903278 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (3715)
- 940275 AlmaLinux Security Update for glibc (ALSA-2021:1585)
- 960868 Rocky Linux Security Update for glibc (RLSA-2021:1585)