CVE-2025-26519

Name

CVE-2025-26519

Description

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
cve@mitre.org	https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da
cve@mitre.org	https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/02/13/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/13/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/13/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/13/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/13/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/14/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/14/6

Match rules

CPE URI	Source package	Min version	Max version
	musl	>= 0.9.13	< 1.2.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
musl	edge-main	1.2.5_git20251012-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5_git20250919-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r21	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r20	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r19	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r18	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r17	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r16	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r15	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r14	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r13	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r12	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r11	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	edge-main	1.2.5-r9	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
musl	edge-main	1.2.5-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
musl	edge-main	1.2.2_pre2-r0	None	possibly vulnerable
musl	edge-main	1.1.23-r2	None	possibly vulnerable
musl	edge-main	1.1.15-r4	None	possibly vulnerable
musl	3.22-main	1.2.5-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	3.22-main	1.2.2_pre2-r0	None	possibly vulnerable
musl	3.22-main	1.1.23-r2	None	possibly vulnerable
musl	3.22-main	1.1.15-r4	None	possibly vulnerable
musl	3.21-main	1.2.5-r9	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	3.21-main	1.2.5-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
musl	3.21-main	1.2.2_pre2-r0	None	possibly vulnerable
musl	3.21-main	1.1.23-r2	None	possibly vulnerable
musl	3.21-main	1.1.15-r4	None	possibly vulnerable
musl	3.20-main	1.2.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
musl	3.20-main	1.2.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
musl	3.20-main	1.2.2_pre2-r0	None	possibly vulnerable
musl	3.20-main	1.1.23-r2	None	possibly vulnerable
musl	3.20-main	1.1.15-r4	None	possibly vulnerable
musl	3.19-main	1.2.4_git20230717-r5	Timo Teräs <timo.teras@iki.fi>	fixed
musl	3.19-main	1.2.4_git20230717-r4	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
musl	3.19-main	1.2.2_pre2-r0	None	possibly vulnerable
musl	3.19-main	1.1.23-r2	None	possibly vulnerable
musl	3.19-main	1.1.15-r4	None	possibly vulnerable
musl	3.18-main	1.2.4-r3	Timo Teräs <timo.teras@iki.fi>	fixed