Buffer Overflow Vulnerability in GNU C Library's iconv() Function

CVE-2024-2961

Currently unrated 🤨

Key Information

Vendor
The Gnu C Library
Status
Glibc
Vendor
CVE Published: 17 April 2024

Badges

😄 Trended · 👾 Exploit Exists · 🔴 Public PoC · 📰 News Worthy

What is CVE-2024-2961?

CVE-2024-2961 is a buffer overflow vulnerability identified in the GNU C Library (glibc), specifically in the iconv() function. This library is essential in providing core functionalities for C programming, including character set conversion. The vulnerability affects versions 2.39 and older and can lead to significant negative consequences such as application crashes or the potential overwriting of adjacent memory variables. Organizations relying on these versions of glibc are particularly at risk, as the exploitation of this vulnerability can compromise application stability and data integrity.

Technical Details

The vulnerability arises from the way the iconv() function handles string conversion, particularly when converting to the ISO-2022-CN-EXT character set. When processing input strings that exceed the allocated output buffer size, the function may overflow the output buffer by up to 4 bytes. This flaw creates instability in applications that use the function and lets an attacker who controls the input corrupt memory adjacent to the output buffer.

Impact of the Vulnerability

  1. Application Crashes: Exploiting this vulnerability can lead to application crashes, rendering critical systems non-functional during an attack.

  2. Memory Corruption: The overflow can overwrite neighboring memory variables, potentially leading to undefined behavior in the application, which can be exploited by malicious actors for further attacks.

  3. Increased Attack Surface: The vulnerability may be leveraged as part of broader attacks, allowing attackers to gain deeper access to systems and execute arbitrary code if combined with other vulnerabilities or attack vectors.

Affected Version(s)

glibc < 2.40
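
An exposure check for the two conditions this page names (a glibc version below 2.40 and a reachable converter to ISO-2022-CN-EXT), added here as an example; it is not code from the original page or from the glibc project, and the function names are hypothetical.

```c
#include <stdio.h>
#include <iconv.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

/* Parse "MAJOR.MINOR" and return 1 if it is below 2.40 (the affected range
 * given on this page), 0 if it is 2.40 or later, -1 if it cannot be parsed. */
int glibc_version_listed_affected(const char *ver)
{
    int major = 0, minor = 0;
    if (ver == NULL || sscanf(ver, "%d.%d", &major, &minor) != 2)
        return -1;
    if (major != 2)
        return major < 2;
    return minor < 40;
}

/* Return 1 if this process can open a converter *to* ISO-2022-CN-EXT,
 * i.e. the conversion direction named on this page is reachable; else 0. */
int iso2022cnext_target_available(void)
{
    iconv_t cd = iconv_open("ISO-2022-CN-EXT", "UTF-8");
    if (cd == (iconv_t)-1)
        return 0;
    iconv_close(cd);
    return 1;
}

/* Version string of the glibc this process runs against, or NULL. */
const char *running_glibc_version(void)
{
#ifdef __GLIBC__
    return gnu_get_libc_version();
#else
    return NULL;   /* not glibc (e.g. musl): this CVE does not apply */
#endif
}

int main(void)
{
    const char *ver = running_glibc_version();
    int affected = glibc_version_listed_affected(ver);
    int reachable = iso2022cnext_target_available();
    printf("glibc version: %s\n", ver ? ver : "(not glibc)");
    printf("listed as affected (< 2.40): %s\n",
           affected == 1 ? "yes" : affected == 0 ? "no" : "unknown");
    printf("ISO-2022-CN-EXT target converter available: %s\n",
           reachable ? "yes" : "no");
    return (affected == 1 && reachable) ? 1 : 0;  /* non-zero: investigate */
}
```

Distributions commonly backport fixes without changing the upstream version number, so a "listed as affected" result is a prompt to check the vendor's package changelog rather than proof of exposure.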

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Critical Adobe Commerce vulnerability "CosmicSting" compromises 5% of stores. Urgent patching and key rotation required to prevent data theft.

3 months ago

References

Timeline

  • Vulnerability started trending

  • 😈 Used in Ransomware

  • 🔴 Public PoC available

  • 👾 Exploit known to exist

  • First article discovered by Habr

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database · Mitre Database · 2 Proof of Concept(s) · 28 News Article(s)

Credit

Charles Fol