Vulnerability CVE-2024-2961: Information
Description
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
glibc | sisyphus | 2.38.0.66.ge1135387de-alt1 | 2.38.0.76.e9f05fa1c6-alt1 | ALT-PU-2024-6976-2 | 345667 | Fixed |
glibc | sisyphus_loongarch64 | 2.38.0.76.e9f05fa1c6-alt1.0.port | 2.38.0.76.e9f05fa1c6-alt1.0.port | ALT-PU-2024-7462-1 | - | Fixed |
glibc | p10 | 2.32-alt5.p10.3 | 2.32-alt5.p10.3 | ALT-PU-2024-7271-3 | 347164 | Fixed |
glibc | c10f1 | 2.32-alt5.p10.3 | 2.32-alt5.p10.3 | ALT-PU-2024-7402-2 | 347166 | Fixed |