Vulnerability CVE-2024-2961: Information

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-2961
Published: April 17, 2024
Modified: May 4, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.38.0.66.ge1135387de-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2024-6976-2345667Fixed
glibcsisyphus_loongarch642.38.0.76.e9f05fa1c6-alt1.0.port2.38.0.76.e9f05fa1c6-alt1.0.portALT-PU-2024-7462-1-Fixed
glibcp102.32-alt5.p10.32.32-alt5.p10.3ALT-PU-2024-7271-3347164Fixed
glibcc10f12.32-alt5.p10.32.32-alt5.p10.3ALT-PU-2024-7402-2347166Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
          http://www.openwall.com/lists/oss-security/2024/04/24/2
            http://www.openwall.com/lists/oss-security/2024/04/17/9
              http://www.openwall.com/lists/oss-security/2024/04/18/4
                https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v24.5.1
                  Back to top