FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- iconv buffer overflow

Affected packages
12.0 <= FreeBSD < 12.0_7
11.2 <= FreeBSD < 11.2_11

Details

VuXML ID f62bba56-b309-11e9-a87f-a4badb2f4699
Discovery 2019-07-02
Entry 2019-07-30

Problem Description:

With certain inputs, iconv may write beyond the end of the output buffer.

Impact:

Depending on how iconv is used, an attacker may be able to cause a denial of service, provoke incorrect program behavior, or achieve remote code execution. iconv is a libc library function, so the nature of possible attacks depends on how applications or daemons use it.

References

CVE Name CVE-2019-5600
FreeBSD Advisory SA-19:09.iconv
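
A host check against the affected ranges listed above, as an added example that is not part of the VuXML entry or the FreeBSD advisory. It assumes that the VuXML form "12.0_7" corresponds to the `freebsd-version` string "12.0-RELEASE-p7"; the function name `iconv_status` is hypothetical.

```sh
#!/bin/sh
# Classify a FreeBSD userland version string against this entry's ranges:
#   12.0 <= FreeBSD < 12.0_7   and   11.2 <= FreeBSD < 11.2_11
# Assumption: VuXML "X.Y_N" maps to "X.Y-RELEASE-pN" as printed by freebsd-version.

# iconv_status VERSION -> prints "affected", "patched" or "not-listed"
iconv_status() {
    ver=$1
    release=${ver%%-*}                  # "12.0" from "12.0-RELEASE-p6"

    # Extract the patch level; an unpatched RELEASE counts as level 0.
    case $ver in
        *-RELEASE-p*) patch=${ver##*-p} ;;
        *-RELEASE)    patch=0 ;;
        *)            echo "not-listed"; return 0 ;;   # e.g. STABLE, CURRENT
    esac

    # Reject empty or non-numeric patch levels instead of guessing.
    case $patch in
        ''|*[!0-9]*) echo "not-listed"; return 0 ;;
    esac

    # First fixed patch level for each release branch named in this entry.
    case $release in
        12.0) fixed=7 ;;
        11.2) fixed=11 ;;
        *)    echo "not-listed"; return 0 ;;
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo "affected"
    else
        echo "patched"
    fi
}

# iconv lives in libc, so the userland version (-u) is the one that matters.
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    echo "$v: $(iconv_status "$v")"
fi
```

A result of "not-listed" means only that the version string falls outside the two release branches this entry names, not that the system has been verified as fixed.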