#VU50329 Out-of-bounds read in Glibc


Published: 2021-01-04 | Updated: 2021-02-04

Vulnerability identifier: #VU50329

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-25013

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Glibc: 0.1 - 5.3.12

CPE

External links
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/
http://sourceware.org/bugzilla/show_bug.cgi?id=24973
http://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for glibc
Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
SUSE update for glibc
Multiple vulnerabilities in IBM Cloud Pak for Security
Multiple vulnerabilities in Red Hat Service Telemetry Framework
Multiple vulnerabilities in Cloud Foundry cflinuxfs3
Ubuntu update for glibc
Multiple vulnerabilities in IBM Security Verify Access
Multiple vulnerabilities in Dell EMC Unity
Multiple vulnerabilities in Red Hat Web Terminal