High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2024-2961
High
Low
Medium
High
Critical
7.3
CVSS Score
Vulnerability Description
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
L
Availability
H
Known Affected Software
108 configuration(s) from 3 vendor(s)
debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
glibc
Version:
2.35
CPE:
cpe:2.3:a:gnu:glibc:2.35:*:*:*:*:*:*:*
glibc
Version:
2.38.19
CPE:
cpe:2.3:a:gnu:glibc:2.38.19:*:*:*:*:*:*:*
glibc
Version:
2.36.9000
CPE:
cpe:2.3:a:gnu:glibc:2.36.9000:*:*:*:*:*:*:*
glibc
Version:
2.10.2
CPE:
cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
glibc
Version:
2.26
CPE:
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:x86:*
glibc
Version:
2.2.4
CPE:
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
glibc
Version:
2.2.5
CPE:
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
glibc
Version:
2.23
CPE:
cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:x86:*
glibc
Version:
2.33
CPE:
cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
glibc
Version:
2.18.90
CPE:
cpe:2.3:a:gnu:glibc:2.18.90:*:*:*:*:*:*:*
glibc
Version:
2.1.97
CPE:
cpe:2.3:a:gnu:glibc:2.1.97:*:*:*:*:*:*:*
glibc
Version:
2.36.113
CPE:
cpe:2.3:a:gnu:glibc:2.36.113:*:*:*:*:*:*:*
glibc
Version:
2.7
CPE:
cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
glibc
Version:
2.21
CPE:
cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*
glibc
Version:
2.12
CPE:
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:x86:*
glibc
Version:
2.11.3
CPE:
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
glibc
Version:
2.3
CPE:
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
glibc
Version:
2.3.6
CPE:
cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
glibc
Version:
2.30.9000
CPE:
cpe:2.3:a:gnu:glibc:2.30.9000:*:*:*:*:*:*:*
glibc
Version:
2.26.9000
CPE:
cpe:2.3:a:gnu:glibc:2.26.9000:*:*:*:*:*:*:*
glibc
Version:
2.37.38
CPE:
cpe:2.3:a:gnu:glibc:2.37.38:*:*:*:*:*:*:*
glibc
Version:
2.5
CPE:
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
glibc
Version:
2.39.9000
CPE:
cpe:2.3:a:gnu:glibc:2.39.9000:*:*:*:*:*:*:*
glibc
Version:
2.37
CPE:
cpe:2.3:a:gnu:glibc:2.37:*:*:*:*:*:*:*
glibc
Version:
2.32.0
CPE:
cpe:2.3:a:gnu:glibc:2.32.0:*:*:*:*:*:*:*
glibc
Version:
2.33.9000
CPE:
cpe:2.3:a:gnu:glibc:2.33.9000:*:*:*:*:*:*:*
glibc
Version:
2.12.0
CPE:
cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
glibc
Version:
2.20
CPE:
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
glibc
Version:
2.11
CPE:
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
glibc
Version:
2.19.90
CPE:
cpe:2.3:a:gnu:glibc:2.19.90:*:*:*:*:*:*:*
glibc
Version:
2.17
CPE:
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
glibc
Version:
2.3.10
CPE:
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
glibc
Version:
2.32.9000
CPE:
cpe:2.3:a:gnu:glibc:2.32.9000:*:*:*:*:*:*:*
glibc
Version:
2.2.3
CPE:
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
glibc
Version:
2.5.1
CPE:
cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
glibc
Version:
2.18
CPE:
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
glibc
Version:
2.15
CPE:
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
glibc
Version:
2.38.9000
CPE:
cpe:2.3:a:gnu:glibc:2.38.9000:*:*:*:*:*:*:*
glibc
Version:
2.30
CPE:
cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
glibc
Version:
2.3.4
CPE:
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
glibc
Version:
2.12.1
CPE:
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
glibc
Version:
2.2.1
CPE:
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
glibc
Version:
2.28.9000
CPE:
cpe:2.3:a:gnu:glibc:2.28.9000:*:*:*:*:*:*:*
glibc
Version:
2.14.9000
CPE:
cpe:2.3:a:gnu:glibc:2.14.9000:*:*:*:*:*:*:*
glibc
Version:
2.29.9000
CPE:
cpe:2.3:a:gnu:glibc:2.29.9000:*:*:*:*:*:*:*
glibc
Version:
2.22
CPE:
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
glibc
Version:
2.6
CPE:
cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
glibc
Version:
2.6.1
CPE:
cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
glibc
Version:
2.1.94
CPE:
cpe:2.3:a:gnu:glibc:2.1.94:*:*:*:*:*:*:*
glibc
Version:
2.11.1
CPE:
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
glibc
Version:
2.2.2
CPE:
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
glibc
Version:
2.1.95
CPE:
cpe:2.3:a:gnu:glibc:2.1.95:*:*:*:*:*:*:*
glibc
Version:
2.27.9000
CPE:
cpe:2.3:a:gnu:glibc:2.27.9000:*:*:*:*:*:*:*
glibc
Version:
2.11.2
CPE:
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
glibc
Version:
2.3.1
CPE:
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
glibc
Version:
2.3.2
CPE:
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
glibc
Version:
2.36
CPE:
cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*
glibc
Version:
2.20.90
CPE:
cpe:2.3:a:gnu:glibc:2.20.90:*:*:*:*:*:*:*
glibc
Version:
2.29
CPE:
cpe:2.3:a:gnu:glibc:2.29:*:*:*:*:*:x86:*
glibc
Version:
2.8
CPE:
cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
glibc
Version:
2.3.5
CPE:
cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
glibc
Version:
2.37.9000
CPE:
cpe:2.3:a:gnu:glibc:2.37.9000:*:*:*:*:*:*:*
glibc
Version:
2.19
CPE:
cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*
glibc
Version:
2.2
CPE:
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
glibc
Version:
2.16.90
CPE:
cpe:2.3:a:gnu:glibc:2.16.90:*:*:*:*:*:*:*
glibc
Version:
2.1.93
CPE:
cpe:2.3:a:gnu:glibc:2.1.93:*:*:*:*:*:*:*
glibc
Version:
2.24.90
CPE:
cpe:2.3:a:gnu:glibc:2.24.90:*:*:*:*:*:*:*
glibc
Version:
2.39
CPE:
cpe:2.3:a:gnu:glibc:2.39:*:*:*:*:*:*:*
glibc
Version:
2.13
CPE:
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
glibc
Version:
2.28
CPE:
cpe:2.3:a:gnu:glibc:2.28:*:*:*:*:*:x86:*
glibc
Version:
2.4
CPE:
cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
glibc
Version:
2.22.90
CPE:
cpe:2.3:a:gnu:glibc:2.22.90:*:*:*:*:*:*:*
glibc
Version:
2.31.9000
CPE:
cpe:2.3:a:gnu:glibc:2.31.9000:*:*:*:*:*:*:*
glibc
Version:
2.23.90
CPE:
cpe:2.3:a:gnu:glibc:2.23.90:*:*:*:*:*:*:*
glibc
Version:
2.32
CPE:
cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
glibc
Version:
2.3.3
CPE:
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
glibc
Version:
2.10
CPE:
cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
glibc
Version:
2.25.90
CPE:
cpe:2.3:a:gnu:glibc:2.25.90:*:*:*:*:*:*:*
glibc
Version:
2.17.90
CPE:
cpe:2.3:a:gnu:glibc:2.17.90:*:*:*:*:*:*:*
glibc
Version:
2.14.1
CPE:
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
glibc
Version:
2.31
CPE:
cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
glibc
Version:
2.34
CPE:
cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*
glibc
Version:
2.14
CPE:
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
glibc
Version:
2.1.96
CPE:
cpe:2.3:a:gnu:glibc:2.1.96:*:*:*:*:*:*:*
glibc
Version:
2.27
CPE:
cpe:2.3:a:gnu:glibc:2.27:*:*:*:*:*:x86:*
glibc
Version:
2.38
CPE:
cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:*
glibc
Version:
2.10.1
CPE:
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
glibc
Version:
2.21.90
CPE:
cpe:2.3:a:gnu:glibc:2.21.90:*:*:*:*:*:*:*
glibc
Version:
2.16
CPE:
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
glibc
Version:
2.9
CPE:
cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
glibc
Version:
2.34.9000
CPE:
cpe:2.3:a:gnu:glibc:2.34.9000:*:*:*:*:*:*:*
glibc
Version:
2.25
CPE:
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*
glibc
Version:
2.35.9000
CPE:
cpe:2.3:a:gnu:glibc:2.35.9000:*:*:*:*:*:*:*
glibc
Version:
2.16.0
CPE:
cpe:2.3:a:gnu:glibc:2.16.0:*:*:*:*:*:*:*
glibc
Version:
2.12.2
CPE:
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
glibc
Version:
2.24
CPE:
cpe:2.3:a:gnu:glibc:2.24:*:*:*:*:*:*:*
hci_h610s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*
active_iq_unified_manager
Version:
-
CPE:
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
hci_h410s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:*
hci_h610c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*
hci_h615c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*
hci_h500s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:*
hci_compute_node
Version:
-
CPE:
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
hci_h700s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:*
hci_h410c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
hci_h300s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:*
ontap_select_deploy_administration_utility
Version:
-
CPE:
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
This vulnerability affects 108 software configuration(s). Ensure you patch all affected systems.
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
http://www.openwall.com/lists/oss-security/2024/04/17/93ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/04/18/43ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/04/24/23ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/13ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/23ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/33ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/43ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/53ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/63ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/07/22/53ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html3ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/3ff69d7a-14f2-4f67-a097-88dee7810d18 Broken Link
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/3ff69d7a-14f2-4f67-a097-88dee7810d18 Broken Link
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/3ff69d7a-14f2-4f67-a097-88dee7810d18 Broken Link
-
https://security.netapp.com/advisory/ntap-20240531-0002/3ff69d7a-14f2-4f67-a097-88dee7810d18 Third Party Advisory
-
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-00043ff69d7a-14f2-4f67-a097-88dee7810d18 Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/04/17/9af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/04/18/4af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/04/24/2af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/1af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/2af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/3af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/4af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/5af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/05/27/6af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/07/22/5af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://security.netapp.com/advisory/ntap-20240531-0002/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3af854a3a-2127-422b-91ae-364da2661108 Broken Link
Severity Details
7.3
out of 10.0
High
Weakness Type (CWE)
CWE-787
Top 25 #2
Out-of-bounds Write
- Description
- The product writes data past the end, or before the beginning, of the intended buffer.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- April 17, 2024
