CVE-2024-2961

high-risk
Published 2024-04-17

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Do I need to act?

!
92.2% chance of exploitation in next 30 days
EPSS score — higher than 8% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.3/10 High
LOCAL / LOW complexity

Affected Products (13)

Hci H410C Firmware

Affected Vendors

Debian Gnu Netapp

References (35)

Mailing List http://www.openwall.com/lists/oss-security/2024/04/17/9
Mailing List http://www.openwall.com/lists/oss-security/2024/04/18/4
Mailing List http://www.openwall.com/lists/oss-security/2024/04/24/2
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/1
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/2
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/3
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/4
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/5
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/6
Mailing List http://www.openwall.com/lists/oss-security/2024/07/22/5
Mailing List https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
Broken Link https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Broken Link https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Broken Link https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory https://security.netapp.com/advisory/ntap-20240531-0002/
Third Party Advisory https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
Mailing List http://www.openwall.com/lists/oss-security/2024/04/17/9
Mailing List http://www.openwall.com/lists/oss-security/2024/04/18/4
Mailing List http://www.openwall.com/lists/oss-security/2024/04/24/2
Mailing List http://www.openwall.com/lists/oss-security/2024/05/27/1
and 15 more references
60
/ 100
high-risk
Severity 23/34 · High
Exploitability 20/34 · Moderate
Exposure 17/34 · Moderate