PT-2019-17770 · Freebsd · Freebsd

Published

2019-07-02

·

Updated

2020-08-24

·

CVE-2019-5600

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions FreeBSD versions 12.0-STABLE before r349622 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p7 FreeBSD versions 11.3-PRERELEASE before r349624 FreeBSD versions 11.3-RC3 before 11.3-RC3-p1 FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p11
Description A bug in the iconv implementation may allow an attacker to write past the end of an output buffer, potentially leading to a denial of service, incorrect program behavior, or remote code execution.
Recommendations For FreeBSD versions 12.0-STABLE before r349622, update to a version after r349622. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p7, update to 12.0-RELEASE-p7 or later. For FreeBSD versions 11.3-PRERELEASE before r349624, update to a version after r349624. For FreeBSD versions 11.3-RC3 before 11.3-RC3-p1, update to 11.3-RC3-p1 or later. For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p11, update to 11.2-RELEASE-p11 or later.

Fix

RCE

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-5600
FREEBSD-SA-19_09

Affected Products

Freebsd