CVE-2025-26519

Name: CVE-2025-26519
Description: musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
NVD Severity: high

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da |
| cve@mitre.org | https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659 |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2025/02/13/2 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/13/2 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/13/3 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/13/4 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/13/5 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/14/5 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/02/14/6 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | musl | >= 0.9.13 | < 1.2.6 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| musl | edge-main | 1.2.5-r10 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| musl | 3.21-main | 1.2.5-r9 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| musl | 3.20-main | 1.2.5-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| musl | 3.19-main | 1.2.4_git20230717-r5 | Timo Teräs <timo.teras@iki.fi> | fixed |
| musl | 3.18-main | 1.2.4-r3 | Timo Teräs <timo.teras@iki.fi> | fixed |
| musl | edge-main | 1.2.5-r8 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| musl | edge-main | 1.2.5-r9 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |