CVE-2025-26519: musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted...

Description

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

Classification

CVE ID: CVE-2025-26519

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Affected Products

Vendor: musl-libc

Product: musl

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.4% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-15 (date this score was calculated)

References

https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659
https://www.openwall.com/lists/oss-security/2025/02/13/2
https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da