IM
IronMonkey Threat Research

CVE-2024-2961 HIGH

Published: 2024-04-17 | Last Modified: 2026-05-12 | Status: Modified

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Additional Descriptions (1)

La función iconv() en las versiones 2.39 y anteriores de la librería GNU C puede desbordar el búfer de salida que se le pasa hasta en 4 bytes al convertir cadenas al juego de caracteres ISO-2022-CN-EXT, lo que puede usarse para bloquear una aplicación. o sobrescribir una variable vecina.

CVSS Metrics

Base Score: 7.3 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactHIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 2.5

Impact Score: 4.7

Weaknesses

Source Type Description
3ff69d7a-14f2-4f67-a097-88dee7810d18 Secondary
en CWE-787

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bdc346000> Application
netapp active_iq_unified_manager - <built-in method update of dict object at 0x702bcc125400> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x702bdc370080> Operating System
netapp hci_h300s_firmware - <built-in method update of dict object at 0x702bdd881500> Operating System
netapp hci_h500s_firmware - <built-in method update of dict object at 0x702bdc344cc0> Operating System
netapp hci_h700s_firmware - <built-in method update of dict object at 0x702bdc240a00> Operating System
netapp hci_h410s_firmware - <built-in method update of dict object at 0x702bfc133e80> Operating System
netapp hci_h410c_firmware - <built-in method update of dict object at 0x702bfc1309c0> Operating System
netapp hci_h610c_firmware - <built-in method update of dict object at 0x702bfc203300> Operating System
netapp hci_h610s_firmware - <built-in method update of dict object at 0x702bdc243e40> Operating System
netapp hci_h615c_firmware - <built-in method update of dict object at 0x702bfc1336c0> Operating System
netapp hci_compute_node - <built-in method update of dict object at 0x702bdc373c40> Operating System
netapp ontap_select_deploy_administration_utility - <built-in method update of dict object at 0x702bdc3467c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

References

Notification
Message here