Bug 2273404 (CVE-2024-2961)
| Summary: | CVE-2024-2961 glibc: Out of bounds write in iconv may lead to remote code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aarif, agarcial, ahrabovs, anstephe, aoconnor, aprice, asegurap, ashankar, asoldano, ataylor, aucunnin, avibelli, bbaranow, bdettelb, bgeorges, bmaxwell, brian.stansberry, caswilli, cdewolf, chazlett, clement.escoffier, codonell, crizzo, dandread, darran.lofthouse, dbodnarc, dfreiber, dj, dkreling, dkuc, doconnor, dosoudil, drow, fjansen, fjuma, fweimer, ggastald, gsmet, hkataria, istudens, ivassile, iweiss, jburrell, jdobes, jmartisk, jmitchel, jsamir, jsherril, jtanner, jvasik, kaycoth, kholdawa, kshier, kyoshida, lcouzens, lgao, lthon, luizcosta, manderse, mcoufal, mosmerov, mpierce, mskarbek, msochure, mstoklus, msvehla, nwallace, nweather, oezr, olubyans, orabin, pfrankli, pgallagh, pjindal, pmackay, probinso, rblanco, ricardo.barberis, rruss, rstancel, rsvoboda, sausingh, sbiarozk, sdouglas, security-response-team, sidakwo, sipoyare, skolosov, smaestri, stcannon, sthirugn, teagle, tom.jenkinson, tqvarnst, vkrizan, vkumar, vmugicag, xiaoxwan, yguenane, zzhou |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2275855, 2275933 | ||
| Bug Blocks: | 2273407 | ||
|
Description
Marco Benatto
2024-04-04 15:43:00 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 2275855] Created glibc tracking bugs for this issue: Affects: fedora-rawhide [bug 2275933] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2722 https://access.redhat.com/errata/RHSA-2024:2722 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:2799 https://access.redhat.com/errata/RHSA-2024:2799 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3269 https://access.redhat.com/errata/RHSA-2024:3269 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:3309 https://access.redhat.com/errata/RHSA-2024:3309 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3312 https://access.redhat.com/errata/RHSA-2024:3312 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3339 https://access.redhat.com/errata/RHSA-2024:3339 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3423 https://access.redhat.com/errata/RHSA-2024:3423 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3411 https://access.redhat.com/errata/RHSA-2024:3411 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:3464 https://access.redhat.com/errata/RHSA-2024:3464 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3588 https://access.redhat.com/errata/RHSA-2024:3588 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:7590 https://access.redhat.com/errata/RHSA-2024:7590 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:7594 https://access.redhat.com/errata/RHSA-2024:7594 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:7939 https://access.redhat.com/errata/RHSA-2024:7939 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:8235 https://access.redhat.com/errata/RHSA-2024:8235 |