CVE-2025-26519 Affecting musl package, versions <1.2.4_git20230717-r5
Threat Intelligence
Exploit Maturity
Exploit maturity not defined.
Not Defined
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ALPINE319-MUSL-8720640
- published14 Feb 2025
- disclosed14 Feb 2025
Introduced: 14 Feb 2025
NewCVE-2025-26519 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
How to fix?
Upgrade Alpine:3.19 musl to version 1.2.4_git20230717-r5 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream musl package and not the musl package as distributed by Alpine.
See How to fix? for Alpine:3.19 relevant fixed versions and status.
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
References
- https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da
- https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659
- https://www.openwall.com/lists/oss-security/2025/02/13/2
- http://www.openwall.com/lists/oss-security/2025/02/13/2
- http://www.openwall.com/lists/oss-security/2025/02/13/3
- http://www.openwall.com/lists/oss-security/2025/02/13/4
- http://www.openwall.com/lists/oss-security/2025/02/13/5
- http://www.openwall.com/lists/oss-security/2025/02/14/5
- http://www.openwall.com/lists/oss-security/2025/02/14/6