CVE-2024-2961

{"id": "CVE-2024-2961", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.5}]}, "published": "2024-04-17T18:15:15.833", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "tags": ["Broken Link"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "tags": ["Broken Link"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "tags": ["Broken Link"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/", "tags": ["Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "tags": ["Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/17/9", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/18/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/27/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0002/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable."}, {"lang": "es", "value": "La funci\u00f3n iconv() en las versiones 2.39 y anteriores de la librer\u00eda GNU C puede desbordar el b\u00fafer de salida que se le pasa hasta en 4 bytes al convertir cadenas al juego de caracteres ISO-2022-CN-EXT, lo que puede usarse para bloquear una aplicaci\u00f3n. o sobrescribir una variable vecina."}], "lastModified": "2026-04-03T16:36:35.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD7A500-A255-4B32-AA0B-A6D80A84406E", "versionEndExcluding": "2.40", "versionStartIncluding": "2.1.93"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A19610F-99F4-4417-A1C9-B6E67644283C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h300s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F0B3D528-2FDC-409C-9E2D-CD24C89260B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A62F5622-42A0-4515-908B-766C35F5D995"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D62A5D9-F68D-4AAA-8EE7-A99A75C3AC0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77CA07B4-6F60-4583-9005-814052140564"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30796002-63B5-49DC-811A-CBB46E7057B1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75E26DD2-43C9-453C-A4BF-3E85771715E5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h410s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4654B685-C68E-4FBA-9491-4EECA06D4E90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8532F5F0-00A1-4FA9-A80B-09E46D03F74F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BC74D7-687D-46AA-862F-D755A3D1AA05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "436851DF-1531-40CE-8C71-561978877E27"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "910D39ED-5E36-42F2-B824-E7F4A2ED0BD7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33960CC8-DC73-4E15-8A19-686F5F528006"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AEAE936-CBDA-4C3A-B139-BE9C86EC6CB7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D471C87E-D861-4AC7-9418-900858C5BF24"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"}], "operator": "OR"}]}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}