CVE-2024-2961

7.3 HIGH
Published: April 17, 2024 Modified: April 03, 2026
View on NVD

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/17/9
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/18/4
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/24/2
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/1
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/2
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/3
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/4
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/5
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/6
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/22/5
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Broken Link
https://security.netapp.com/advisory/ntap-20240531-0002/
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/17/9
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/18/4
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/24/2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/3
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/4
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/5
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/6
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/22/5
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://security.netapp.com/advisory/ntap-20240531-0002/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

35 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.3 / 10.0
EPSS (Exploit Probability)
92.2%
100th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-787

Affected Vendors

gnu netapp debian

Related CVEs

CVE-2026-5847 4.3
CVE-2026-5844 7.2
CVE-2026-5842 7.3
CVE-2026-5841 7.3
CVE-2026-5840 4.7