oss-sec mailing list archives

Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv()

From: Nick Wellnhofer <wellnhofer () aevum de>
Date: Fri, 14 Feb 2025 11:14:28 +0100

On Feb 13, 2025, at 23:28, Daniel Gutson <danielgutson () gmail com> wrote:


Curious: is there any info about how this was discovered?


The bug was discovered with basic fuzz testing. As libxml2 maintainer, I found more and more issues in various iconv 
implementations by accident which is a strong indicator that all this code isn't tested enough. The iconv API is also 
trivial to fuzz, so it seemed like a nice weekend project.

Nick

Current thread:

CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker (Feb 13)
- Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker (Feb 13)
- Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson (Feb 13)
  - Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker (Feb 13)
  - Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Nick Wellnhofer (Feb 14)
    - Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson (Feb 14)