Bug 2273404 (CVE-2024-2961)
Summary: | CVE-2024-2961 glibc: Out of bounds write in iconv may lead to remote code execution | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aarif, agarcial, aoconnor, aprice, asegurap, ashankar, bdettelb, caswilli, codonell, dbodnarc, dfreiber, dhalasz, dkuc, drow, fjansen, fweimer, ggastald, hkataria, jburrell, jbuscemi, jmitchel, jsamir, jsherril, jtanner, kaycoth, kholdawa, kshier, kyoshida, luizcosta, mcoufal, mpierce, nweather, oezr, orabin, psegedy, ricardo.barberis, sbiarozk, security-response-team, sidakwo, sipoyare, skolosov, stcannon, sthirugn, vkrizan, vkumar, vmugicag, xiaoxwan, yguenane, zzhou |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | mbenatto:
needinfo?
(kyoshida) |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2275855, 2275933 | ||
Bug Blocks: | 2273407 |
Description
Marco Benatto
2024-04-04 15:43:00 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 2275855] Created glibc tracking bugs for this issue: Affects: fedora-rawhide [bug 2275933] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2722 https://access.redhat.com/errata/RHSA-2024:2722 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:2799 https://access.redhat.com/errata/RHSA-2024:2799 |