Vulnerability Name:

CVE-2019-25013 (CCN-194579)

Assigned: 2019-09-06
Published: 2019-09-06
Updated: 2022-11-03
Summary: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High
4.8 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)
4.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): Low
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High
CVSS v2 Severity: 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Complete
Vulnerability Type: CWE-125, CWE-119
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2019-25013

Source: XF
Type: UNKNOWN
gnu-glibc-cve201925013-dos(194579)

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6feb090c97

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6e581c051a

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-07

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210205-0004/

Source: CCN
Type: Sourceware Bugzilla – Bug 24973
(CVE-2019-25013) - iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=24973

Source: CCN
Type: glibc.git Repository
Fix buffer overrun in EUC-KR conversion module (bz #24973)

Source: MISC
Type: Patch, Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

Source: CCN
Type: IBM Security Bulletin 6453115 (Cloud Pak for Security)
Cloud Pak for Security contains security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6493729 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to several CVEs

Source: CCN
Type: IBM Security Bulletin 6520474 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6538418 (Security Verify Access)
Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Source: CCN
Type: IBM Security Bulletin 6853463 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Source: MISC
Type: Not Applicable
https://www.oracle.com/security-alerts/cpuapr2022.html

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:glibc:*:*:*:*:*:*:*:* (Version <= 2.32)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:service_processor:-:*:*:*:*:*:*:*
  • OR cpe:/o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:netapp:baseboard_management_controller_a250_firmware:-:*:*:*:*:*:*:*
  • AND cpe:/h:netapp:baseboard_management_controller_a250:-:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/o:netapp:baseboard_management_controller_500f_firmware:-:*:*:*:*:*:*:*
  • AND cpe:/h:netapp:baseboard_management_controller_500f:-:*:*:*:*:*:*:*

Configuration 6:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.4:*:*:*:*:*:*:*

* denotes that the component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:93158 | P | (Important) | 2022-07-14
oval:org.opensuse.security:def:93311 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:3568 | P | libXv1-1.0.10-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94946 | P | libical-devel-3.0.10-150400.1.8 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94680 | P | libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:101659 | P | Security update for python-libxml2-python (Important) | 2022-03-10
oval:org.opensuse.security:def:99203 | P | (Important) | 2022-01-25
oval:org.opensuse.security:def:112305 | P | glibc-2.34-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:4537 | P | Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important) | 2021-12-14
oval:org.opensuse.security:def:102214 | P | Security update for util-linux (Moderate) | 2021-10-20
oval:org.opensuse.security:def:105828 | P | glibc-2.34-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:101393 | P | python3-virt-bootstrap-1.0.0-5.3.124 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:99398 | P | (Moderate) | 2021-07-20
oval:com.redhat.rhsa:def:20211585 | P | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | 2021-05-18
oval:org.opensuse.security:def:111242 | P | Security update for glibc (Important) | 2021-02-27
oval:org.opensuse.security:def:10398 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:8707 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:108325 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:93005 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:70348 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:9648 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:100108 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:92448 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:69594 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:73779 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:8897 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:108880 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:70538 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:64657 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:9847 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:95501 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:92647 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:69788 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:74694 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:117573 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:9092 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:99597 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:97247 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:92058 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:65626 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:10208 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:5953 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:99008 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:108059 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:92846 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:69987 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:76110 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:117839 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:9454 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:99796 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:92253 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:67042 | P | Security update for glibc (Important) | 2021-02-26
oval:org.opensuse.security:def:60462 | P | Security update for glibc (Moderate) | 2021-02-25
oval:org.opensuse.security:def:5187 | P | Security update for glibc (Moderate) | 2021-02-25
oval:org.opensuse.security:def:26200 | P | Security update for glibc (Moderate) | 2021-02-25
oval:org.opensuse.security:def:34639 | P | Security update for glibc (Moderate) | 2021-02-25
oval:com.redhat.rhsa:def:20210348 | P | RHSA-2021:0348: glibc security and bug fix update (Moderate) | 2021-02-02