Strix
26.1K

CVE-2019-25013

MEDIUMCVSS 5.9/10EPSS 3.54%

Last modified

CVE-2019-25013 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.. EPSS estimates a 3.54% chance of exploitation in the next 30 days.

Description

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Metrics

CVSS 3.1
5.9/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
3.54%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GnuGlibc<= 2.32
FedoraprojectFedora32
FedoraprojectFedora33
NetappOntap Select Deploy Administration UtilityAll versions
NetappService ProcessorAll versions
BroadcomFabric Operating SystemAll versions
NetappA250 FirmwareAll versions
Netapp500f FirmwareAll versions
DebianDebian Linux10.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-25013?
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
How severe is CVE-2019-25013?
CVE-2019-25013 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 3.54% probability of exploitation in the next 30 days.
How do I fix CVE-2019-25013?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-25013?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST