CVE-2019-5600

Опубликовано: 03 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.

Ссылки

http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html
Third Party Advisory
VDB Entry
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc
Vendor Advisory
http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html
Third Party Advisory
VDB Entry
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02275

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-7834-45vp-q83w

github

больше 3 лет назад