CVE-2024-2961 : The iconv() function in the GNU C Library versions 2.39 and older may overflow t

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Published 2024-04-17 18:15:16

Updated 2025-02-13 18:17:58

Source glibc

View at NVD, CVE.org

Products affected by CVE-2024-2961

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-2961

EPSS FAQ

93.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2024-2961

CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() funct

Disclosure Date: 2024-07-26

First seen: 2024-10-19

exploit/linux/http/magento_xxe_to_glibc_buf_overflow

This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and earlier if the PHP and glibc versions are also vulner

More information

CVSS scores for CVE-2024-2961

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H	2.5	4.7	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE ids for CVE-2024-2961

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: 3ff69d7a-14f2-4f67-a097-88dee7810d18 (Secondary)

References for CVE-2024-2961

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/

[SECURITY] Fedora 40 Update: glibc-2.39-8.fc40 - package-announce - Fedora Mailing-Lists
http://www.openwall.com/lists/oss-security/2024/05/27/1

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
http://www.openwall.com/lists/oss-security/2024/04/24/2

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
http://www.openwall.com/lists/oss-security/2024/05/27/5

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/

[SECURITY] Fedora 38 Update: glibc-2.37-19.fc38 - package-announce - Fedora Mailing-Lists
http://www.openwall.com/lists/oss-security/2024/05/27/2

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

sourceware.org Git - glibc.git/blob - advisories/GLIBC-SA-2024-0004
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html

[SECURITY] [DLA 3807-1] glibc security update
https://security.netapp.com/advisory/ntap-20240531-0002/

CVE-2024-2961 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
http://www.openwall.com/lists/oss-security/2024/04/18/4

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
http://www.openwall.com/lists/oss-security/2024/05/27/6

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/

[SECURITY] Fedora 39 Update: glibc-2.38-18.fc39 - package-announce - Fedora Mailing-Lists
http://www.openwall.com/lists/oss-security/2024/04/17/9

oss-security - The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
http://www.openwall.com/lists/oss-security/2024/05/27/4

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
http://www.openwall.com/lists/oss-security/2024/05/27/3

oss-security - Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
http://www.openwall.com/lists/oss-security/2024/07/22/5

oss-security - GNU C Library version 2.40 released with 5 CVE fixes

CVEs referencing this url
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)

Jump to