Lucene search

[email protected]NVD:CVE-2019-25013

HistoryJan 04, 2021 - 6:15 p.m.

CVE-2019-25013

2021-01-0418:15:13

CWE-125

[email protected]

web.nvd.nist.gov

gnu c library

iconv

buffer over-read

euc-kr encoding

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Affected configurations

Nvd

Node

gnuglibcRange≤2.32

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

netappontap_select_deploy_administration_utilityMatch-

netappservice_processorMatch-

broadcomfabric_operating_systemMatch-

Node

netappa250_firmwareMatch-

AND

netappa250Match-

Node

netapp500f_firmwareMatch-

AND

netapp500fMatch-

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netappservice_processor-cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
broadcomfabric_operating_system-cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
netappa250_firmware-cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
netappa250-cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
netapp500f_firmware-cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
netapp500f-cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
netapp	service_processor	-	cpe:2.3:a:netapp:service_processor:-:::::::*
broadcom	fabric_operating_system	-	cpe:2.3:o:broadcom:fabric_operating_system:-:::::::*
netapp	a250_firmware	-	cpe:2.3:o:netapp:a250_firmware:-:::::::*
netapp	a250	-	cpe:2.3:h:netapp:a250:-:::::::*
netapp	500f_firmware	-	cpe:2.3:o:netapp:500f_firmware:-:::::::*
netapp	500f	-	cpe:2.3:h:netapp:500f:-:::::::*

Rows per page:

1-10 of 111

References

lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E

lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E

lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

lists.debian.org/debian-lts-announce/2022/10/msg00021.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/

security.gentoo.org/glsa/202107-07

security.netapp.com/advisory/ntap-20210205-0004/

sourceware.org/bugzilla/show_bug.cgi?id=24973

sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b

www.oracle.com/security-alerts/cpuapr2022.html

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Related for NVD:CVE-2019-25013