CVE-2024-2961
glibc: Out of bounds write in iconv may lead to remote code execution
Public Exploits: 4
Exploited in Wild: -
Descriptions
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from the UCS4 charset, certain escape characters must be added to indicate to the library where the charset was changed. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow that allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious character sequence that triggers the out-of-bounds write and leads to remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.
SSVC
- Decision: Attend
Timeline
- 2024-03-26 CVE Reserved
- 2024-04-17 CVE Published
- 2024-04-24 First Exploit
- 2024-10-23 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-100: Overflow Buffers
References (22)
URL | Date | SRC |
---|---|---|
https://github.com/rvizx/CVE-2024-2961 | 2024-05-20 | |
https://github.com/tnishiox/cve-2024-2961 | 2024-06-04 | |
https://github.com/absolutedesignltd/iconvfix | 2024-05-30 | |
https://github.com/mattaperkins/FIX-CVE-2024-2961 | 2024-04-24 | |
https://access.redhat.com/security/cve/CVE-2024-2961 | 2024-10-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2273404 | 2024-10-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
The GNU C Library | Glibc | >= 2.1.93 < 2.40 | en | Affected |