CVE-2019-5600 Information

Description

In FreeBSD 12.0-STABLE before r349622 12.0-RELEASE before 12.0-RELEASE-p7 11.3-PRERELEASE before r349624 11.3-RC3 before 11.3-RC3-p1 and 11.2-RELEASE before 11.2-RELEASE-p11 a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation an attacker may be able to create a denial of service provoke incorrect program behavior or induce a remote code execution.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8