CVE-2024-2961 — HIGH (7.3) — White Hats Nepal

Q: How severe is CVE-2024-2961?

CVE-2024-2961 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-2961?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Netapp Active Iq Unified Manager, Debian Debian Linux, Netapp Hci H300S Firmware, Netapp Hci H300S.

Vulnerability Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Glibc	>= 2.1.93, < 2.40
Netapp	Active Iq Unified Manager	-
Debian	Debian Linux	10.0
Netapp	Hci H300S Firmware	-
Netapp	Hci H300S	-
Netapp	Hci H500S Firmware	-
Netapp	Hci H500S	-
Netapp	Hci H700S Firmware	-
Netapp	Hci H700S	-
Netapp	Hci H410S Firmware	-
Netapp	Hci H410S	-
Netapp	Hci H410C Firmware	-
Netapp	Hci H410C	-
Netapp	Hci H610C Firmware	-
Netapp	Hci H610C	-
Netapp	Hci H610S Firmware	-
Netapp	Hci H610S	-
Netapp	Hci H615C Firmware	-
Netapp	Hci H615C	-
Netapp	Hci Compute Node	-

Related Weaknesses (CWE)

CWE-787

References

http://www.openwall.com/lists/oss-security/2024/04/17/9Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/18/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/24/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/5Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/27/6Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/22/5Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00001.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Broken Link
https://lists.fedoraproject.org/archives/list/[email protected]Broken Link
https://lists.fedoraproject.org/archives/list/[email protected]Broken Link
https://security.netapp.com/advisory/ntap-20240531-0002/Third Party Advisory

FAQ

What is CVE-2024-2961?

CVE-2024-2961 is a vulnerability with a CVSS score of 7.3 (HIGH). The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may b...

How severe is CVE-2024-2961?

CVE-2024-2961 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-2961?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Netapp Active Iq Unified Manager, Debian Debian Linux, Netapp Hci H300S Firmware, Netapp Hci H300S.