Home > Vulnerability Database > CVE-2024-2961

Mend.io Vulnerability Database

CVE-2024-2961

Date: April 17, 2024

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Language: C

Severity Score

7.3

Related Resources (21)

Url: http://www.openwall.com/lists/oss-security/2024/07/22/5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/

Url: http://www.openwall.com/lists/oss-security/2024/04/24/2

Url: http://www.openwall.com/lists/oss-security/2024/04/17/9

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/

Url: http://www.openwall.com/lists/oss-security/2024/05/27/2

Url: http://www.openwall.com/lists/oss-security/2024/05/27/1

Url: http://www.openwall.com/lists/oss-security/2024/04/18/4

Url: http://www.openwall.com/lists/oss-security/2024/05/27/4

Url: http://www.openwall.com/lists/oss-security/2024/05/27/3

Url: http://www.openwall.com/lists/oss-security/2024/05/27/6

Url: http://www.openwall.com/lists/oss-security/2024/05/27/5

Url: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

Url: https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2961

Url: https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/

Url: https://www.ambionics.io/blog/iconv-cve-2024-2961-p2

Url: https://security.netapp.com/advisory/ntap-20240531-0002/

Url: https://www.ambionics.io/blog/iconv-cve-2024-2961-p3

Url: https://www.mend.io/vulnerability-database/CVE-2024-2961

Severity Score

7.3

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2961

Date: April 17, 2024

Language: C

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?