CVE-2024-2961

Published: Apr 17, 2024Modified: May 12, 2026

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability: 2.5 / Impact: 4.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Affected (13)

Products: Debian: Debian Linux · Gnu: Glibc · Netapp: Active Iq Unified Manager, Hci H300s Firmware, Hci H500s Firmware, Hci H700s Firmware, Hci H410s Firmware, Hci H410c Firmware, Hci H610c Firmware, Hci H610s Firmware, Hci H615c Firmware, Hci Compute Node, Ontap Select Deploy Administration Utility

1 product

1 product

11 products

Active Iq Unified Manager

Ontap Select Deploy Administration Utility

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Gnu Glibc	From 2.1.93 to 2.40
Netapp Active Iq Unified Manager	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H300s Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H300s	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H500s Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H500s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H700s Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H700s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H410s Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H410s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H410c Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H410c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H610c Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H610c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H610s Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H610s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci H615c Firmware	All versions

Running on/with	Platform Versions
Netapp Hci H615c	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Compute Node	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration K

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (36)

http://www.openwall.com/lists/oss-security/2024/04/17/9

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/18/4

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/24/2

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/1

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/2

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/3

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/4

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/5

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/6

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/07/22/5

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Broken Link

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Broken Link

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Broken Link

https://security.netapp.com/advisory/ntap-20240531-0002/

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Third Party Advisory

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/17/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/18/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/24/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/05/27/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/07/22/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://security.netapp.com/advisory/ntap-20240531-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.ambionics.io/blog/iconv-cve-2024-2961-p2

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.ambionics.io/blog/iconv-cve-2024-2961-p3

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Timeline

No history available yet.