The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of glibc: out-of-bounds memory reading via iconv EUC-KR Encoding

Synthesis of the vulnerability 

An attacker can force a read at an invalid address via iconv() EUC-KR Encoding of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Impacted software: BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity of this computer vulnerability: 2/4.
Creation date: 18/01/2021.
References of this announcement: CVE-2019-25013, FEDORA-2021-6e581c051a, FEDORA-2021-6feb090c97, K68251873, openSUSE-SU-2021:0358-1, RHSA-2021:0348-01, SUSE-SU-2021:0608-1, SUSE-SU-2021:0653-1, VIGILANCE-VUL-34360.

Description of the vulnerability 


This cybersecurity weakness impacts software or systems such as BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level of this bulletin is "confirmed by the editor", and its origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Fedora 32: new glibc packages.
New packages are available:
  Fedora 32: glibc 2.31-5.fc32

Fedora 33: new glibc packages.
New packages are available:
  Fedora 33: glibc 2.32-3.fc33

openSUSE Leap 15.2: new glibc packages.
New packages are available:
  openSUSE Leap 15.2: glibc 2.26-lp152.26.6.1

RHEL 7.9: new glibc packages.
New packages are available:
  RHEL 7.9: glibc 2.17-322.el7_9

SUSE LE 12 SP5: new glibc packages.
New packages are available:
  SUSE LE 12 SP5: glibc 2.22-114.5.1

SUSE LE 15 RTM-SP2: new glibc packages.
New packages are available:
  SUSE LE 15 RTM: glibc 2.26-13.56.1
  SUSE LE 15 SP1: glibc 2.26-13.56.1
  SUSE LE 15 SP2: glibc 2.26-13.56.1
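
To check a host against the fixed builds listed above, the following added example (not part of the Vigil@nce bulletin) compares an installed glibc version-release string, such as the output of rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc, with the listed package. It assumes that a build at or above the listed one on the same platform carries the fix, and it implements a simplified RPM version comparison that ignores epochs and the ~ and ^ operators; the function names are hypothetical.

```python
import re
from itertools import zip_longest

# Fixed builds exactly as listed in the bulletin (platform -> version-release).
FIXED = {
    "Fedora 32": "2.31-5.fc32",
    "Fedora 33": "2.32-3.fc33",
    "openSUSE Leap 15.2": "2.26-lp152.26.6.1",
    "RHEL 7.9": "2.17-322.el7_9",
    "SUSE LE 12 SP5": "2.22-114.5.1",
    "SUSE LE 15 RTM": "2.26-13.56.1",
    "SUSE LE 15 SP1": "2.26-13.56.1",
    "SUSE LE 15 SP2": "2.26-13.56.1",
}

def _segment_cmp(a, b):
    """Compare one version or release string segment by segment (simplified rpmvercmp)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators such as '.' and '_' are skipped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip_longest(sa, sb):
        if x is None:
            return -1                      # b has segments left over, so b is newer
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare: 10 is newer than 3
        elif x.isdigit():
            return 1                       # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _segment_cmp(va, vb) or _segment_cmp(ra, rb)

def is_patched(platform, installed):
    """True if the installed build is at or above the bulletin's fixed build."""
    return evr_cmp(installed, FIXED[platform]) >= 0
```
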
