CVE-2019-5600 (GCVE-0-2019-5600)
Vulnerability from cvelistv5 – Published: 2019-07-03 18:50 – Updated: 2024-08-04 20:01
VLAI
Summary
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.
Severity
9.8 (Critical)
CWE
- Buffer overflow in iconv
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| http://packetstormsecurity.com/files/153520/FreeB… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow in iconv",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T19:06:06.000Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow in iconv"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc"
},
{
"name": "http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5600",
"datePublished": "2019-07-03T18:50:23.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:52.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-5600",
"date": "2026-06-30",
"epss": "0.04861",
"percentile": "0.90937"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-5600\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2019-07-03T19:15:12.783\",\"lastModified\":\"2024-11-21T04:45:12.653\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD 12.0-ESTABLE en versiones anteriores a la r349622, 12.0-RELEASE en versiones anteriores a la 12.0-RELEASE-p7, 11.3-PRERELEASE en versiones anteriores a la r349624, 11.3-RC3 en versiones anteriores a la 11.3-RC3-p1, y 11.2-RELEASE en versiones anteriores a la 11.2-RELEASE-p11, un error en la implementaci\u00f3n de iconv puede permitir que un atacante escriba m\u00e1s all\u00e1 del final de un b\u00fafer de salida. Dependiendo de la implementaci\u00f3n, un atacante puede crear una denegaci\u00f3n de servicio, provocar un comportamiento incorrecto del programa o inducir una ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8A5CDA-E099-47BA-A0C0-2F79C0432156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E47AE7-BB45-428E-90E9-38BFDFF23650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B15B89-3AD2-4E03-9F47-DA934702187B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"878DF67E-420A-4229-BEA8-DB9F7161ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03E6445-DD63-44E8-85D1-3971253F395A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D71D083-3279-4DF4-91E1-38C373DD062F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"882669AB-BCFC-4517-A3E9-33D344F1ED0D\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…