The iconv plugin ISO-2022-CN-EXT, when converting from UCS4, might trigger a OOB write. The encoding requires to add escape sequence to indicate where it changes the character set (as described by RFC 1922) and while the bounds check is done by the SOdesignation designation, it is missing for SS2designation and SS3designation. This leads to an overflow of 1, 2, or 3 bytes with fixed values: `$+I`, `$+J`, `$+K`, `$+L`, `$+M`, or , `$*H`.
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 2275855]
Created glibc tracking bugs for this issue: Affects: fedora-rawhide [bug 2275933]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2722 https://access.redhat.com/errata/RHSA-2024:2722
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:2799 https://access.redhat.com/errata/RHSA-2024:2799
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3269 https://access.redhat.com/errata/RHSA-2024:3269
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:3309 https://access.redhat.com/errata/RHSA-2024:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3312 https://access.redhat.com/errata/RHSA-2024:3312
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3339 https://access.redhat.com/errata/RHSA-2024:3339
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3423 https://access.redhat.com/errata/RHSA-2024:3423
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3411 https://access.redhat.com/errata/RHSA-2024:3411