The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
  Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
  Upstream patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
Created glibc tracking bugs for this issue:
  Affects: fedora-all [bug 1913056]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
  Via RHSA-2021:0348 https://access.redhat.com/errata/RHSA-2021:0348
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-25013
Statement: This flaw has been rated as having moderate impact for glibc packages shipped with Red Hat Enterprise Linux because the maximum impact of this vulnerability is a crash, and it relies on processing untrusted input in an uncommon encoding (EUC-KR). When this encoding is not used, the vulnerability cannot be triggered.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
  Via RHSA-2021:1585 https://access.redhat.com/errata/RHSA-2021:1585
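
The description and statement above tie the flaw to invalid multi-byte EUC-KR input from untrusted sources. As an added example (not glibc or Red Hat code), the C routine below checks that a buffer is structurally well-formed EUC-KR before an application hands it to iconv. The names `euckr_check` and `lead_ok`, and the strict policy of rejecting the user-defined rows 0xC9 and 0xFE, are assumptions of this example; it complements the errata and does not replace them.

```c
#include <stddef.h>
#include <stdio.h>

enum euckr_status { EUCKR_OK, EUCKR_BAD_LEAD, EUCKR_BAD_TRAIL, EUCKR_TRUNCATED };

/* A two-byte EUC-KR character has a lead byte in 0xA1..0xFE. Rows 0xC9 and
 * 0xFE are user-defined areas with no standard mapping; rejecting them is a
 * strict policy chosen for this example (assumption, not from the page). */
static int lead_ok(unsigned char b)
{
    return b >= 0xA1 && b <= 0xFD && b != 0xC9;
}

/* Walk buf[0..len) without ever reading past len. On failure only,
 * *bad_off (if non-NULL) receives the offset of the offending byte. */
enum euckr_status euckr_check(const unsigned char *buf, size_t len, size_t *bad_off)
{
    size_t i = 0;
    while (i < len) {
        enum euckr_status st = EUCKR_OK;
        size_t bad = i;
        if (buf[i] <= 0x7F) {               /* single-byte ASCII */
            i++;
            continue;
        }
        if (!lead_ok(buf[i]))
            st = EUCKR_BAD_LEAD;
        else if (len - i < 2)               /* lead byte is the last byte */
            st = EUCKR_TRUNCATED;
        else if (buf[i + 1] < 0xA1 || buf[i + 1] > 0xFE) {
            st = EUCKR_BAD_TRAIL;
            bad = i + 1;
        }
        if (st != EUCKR_OK) {
            if (bad_off)
                *bad_off = bad;
            return st;
        }
        i += 2;
    }
    return EUCKR_OK;
}

int main(void)
{
    /* Constructed samples: "A" + U+AC00 (0xB0 0xA1), then a truncated copy. */
    static const unsigned char good[] = { 'A', 0xB0, 0xA1 };
    static const unsigned char cut[]  = { 'A', 0xB0 };
    size_t off = 0;
    printf("good: %d\n", euckr_check(good, sizeof good, &off));
    printf("cut:  %d at offset %zu\n", euckr_check(cut, sizeof cut, &off), off);
    return 0;
}
```

Input that fails the check can be rejected or logged at the trust boundary instead of being converted.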