{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-2961", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "state": "PUBLISHED", "assignerShortName": "glibc", "dateReserved": "2024-03-26T19:29:31.186Z", "datePublished": "2024-04-17T17:27:40.541Z", "dateUpdated": "2024-08-01T19:32:42.451Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [{"lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Charles Fol"}], "datePublic": "2024-04-17T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.<br>"}], "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2024-04-17T17:51:03.169Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T04:00:23.144191Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"], "vendor": "gnu", "product": "glibc", "versions": [{"status": "affected", "version": "2.1.93", "lessThan": "2.40", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:29:57.648Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.451Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.451Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T04:00:23.144191Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"], "vendor": "gnu", "product": "glibc", "versions": [{"status": "affected", "version": "2.1.93", "lessThan": "2.40", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T19:35:18.424Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Charles Fol"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.1.93", "lessThan": "2.40", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-17T17:00:00.000Z", "references": [{"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n", "supportingMedia": [{"type": "text/html", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2024-04-17T17:51:03.169Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2961", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.451Z", "dateReserved": "2024-03-26T19:29:31.186Z", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "datePublished": "2024-04-17T17:27:40.541Z", "assignerShortName": "glibc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n"}, {"lang": "es", "value": "La funci\u00f3n iconv() en las versiones 2.39 y anteriores de la librer\u00eda GNU C puede desbordar el b\u00fafer de salida que se le pasa hasta en 4 bytes al convertir cadenas al juego de caracteres ISO-2022-CN-EXT, lo que puede usarse para bloquear una aplicaci\u00f3n. o sobrescribir una variable vecina."}], "id": "CVE-2024-2961", "lastModified": "2024-07-22T18:15:03.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-17T18:15:15.833", "references": [{"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://security.netapp.com/advisory/ntap-20240531-0002/"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Charles Fol for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:3588", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "glibc-0:2.17-326.el7_9.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-04T00:00:00Z"}, {"advisory": "RHSA-2024:2722", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "glibc-0:2.28-236.el8_9.13", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-07T00:00:00Z"}, {"advisory": "RHSA-2024:3269", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "glibc-0:2.28-251.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2722", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "glibc-0:2.28-236.el8_9.13", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-07T00:00:00Z"}, {"advisory": "RHSA-2024:3269", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "glibc-0:2.28-251.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3464", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "glibc-0:2.28-101.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3309", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "glibc-0:2.28-151.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3309", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "glibc-0:2.28-151.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3309", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "glibc-0:2.28-151.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2799", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "glibc-0:2.28-189.10.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:3312", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "glibc-0:2.28-225.el8_8.11", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3339", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "glibc-0:2.34-100.el9_4.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3339", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "glibc-0:2.34-100.el9_4.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3423", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "glibc-0:2.34-28.el9_0.6", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:3411", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "glibc-0:2.34-60.el9_2.14", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:2799", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "glibc-0:2.28-189.10.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.5-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.5-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.5-4", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-4", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.5-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4126", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.5-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-06-26T00:00:00Z"}], "bugzilla": {"description": "glibc: Out of bounds write in iconv may lead to remote code execution", "id": "2273404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273404"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad."], "mitigation": {"lang": "en:us", "value": "This issue can be mitigated by removing the ISO-2022-CN-EXT from glibc-gconv-extra's modules configuration. This can be done by:\n1) Verify if the module is loaded by running:\n~~~\n$ iconv -l | grep -E 'CN-?EXT'\nISO-2022-CN-EXT//\nISO2022CNEXT//\n~~~\nIf the grep output looks like the above, ISO-2022-CN-EXT module is enabled.\n2) Disabled the module by editing the file located at /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf and comment the following lines. For RHEL 7 the file that needs to be edited is /usr/lib64/gconv/gconv-modules. This step requires to be executed by a privileged user:\n~~~\n# from to module cost\nalias ISO2022CNEXT// ISO-2022-CN-EXT//\nmodule ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1\nmodule INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1\n~~~\nFor commenting those lines just add the '#' character at the beginning of mentioned lines:\n~~~\n# from to module cost\n#alias ISO2022CNEXT// ISO-2022-CN-EXT//\n#module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1\n#module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1\n~~~\n3) Update the iconv cache by running:\n~~~\nsudo iconvconfig\n~~~\n4) Check if the module was disabled by running the first step again. This time ISO-2022-CN-EXT should not appear in the output.\nPlease notice that disabling the mentioned gconv module may lead applications relying in the affected module to fail in converting characters and should be used as a temporary mitigation before being able to fully update the affected package."}, "name": "CVE-2024-2961", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Under investigation", "package_name": "io.netty/netty-build-glibccheck-maven-plugin", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "nss_db", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Under investigation", "package_name": "@parcel/watcher-linux-x64-glibc", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2961\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2961\nhttps://www.openwall.com/lists/oss-security/2024/04/17/9"], "statement": "The described vulnerability in the iconv() function of GNU C Library, particularly affecting ISO-2022-CN-EXT character set conversions, poses a important severity issue due to its potential for out-of-bound writes. Such buffer overflows can lead to arbitrary memory corruption, which can be exploited by attackers to execute arbitrary code, crash applications, or overwrite critical data structures, including neighboring variables. Given that the overflow can occur with specific, predictable values through SS2designation and SS3designation escape sequences, an attacker could craft malicious input to specifically trigger these overflows. Exploitation of this vulnerability could result in denial of service, privilege escalation, or even remote code execution, posing a significant threat to the security and integrity of affected systems.", "threat_severity": "Important"}