CVE-2024-2961
Published: 2024-04-17
Severity: High, 7.3 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EXPLOIT
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.36-9+deb12u6 (bookworm) | glibc 2.36-9+deb12u6 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.15+esm3 | 2.19-0ubuntu6.15+esm3 |
| gnu | glibc | >= 0 < 2.31-13+deb11u9 | 2.31-13+deb11u9 |
| gnu | glibc | >= 0 < 2.36-9+deb12u6 | 2.36-9+deb12u6 |
| gnu | glibc | >= 0 < 2.37-18 | 2.37-18 |
| gnu | glibc | >= 0 < 2.37-18 | 2.37-18 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm6 | 2.23-0ubuntu11.3+esm6 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm2 | 2.27-3ubuntu1.6+esm2 |
| gnu | glibc | >= 2.1.93 < 2.40 | 2.40 |
| matrix-org | matrix-sdk-crypto | >= 0.7.0 < 0.7.1 | 0.7.1 |
| the_gnu_c_library | glibc | >= 2.1.93 < 2.40 | 2.40 |
CVSS provenance
nvd: v3.1, 7.3 HIGH, CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
osv: 9.8 CRITICAL
vulncheck: 7.3 HIGH