CVE-2024-2961
EUVD-2024-2790217.04.2024, 18:15
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.1.93 ≤ 𝑥 < 2.40 |
| netapp | active_iq_unified_manager | - |
| debian | debian_linux | 10.0 |
| netapp | hci_h300s_firmware | - |
| netapp | hci_h500s_firmware | - |
| netapp | hci_h700s_firmware | - |
| netapp | hci_h410s_firmware | - |
| netapp | hci_h410c_firmware | - |
| netapp | hci_h610c_firmware | - |
| netapp | hci_h610s_firmware | - |
| netapp | hci_h615c_firmware | - |
| netapp | hci_compute_node | - |
| netapp | ontap_select_deploy_administration_utility | - |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| gnu | glibc | 2.1.93 ≤ 𝑥 < 2.40 | ADP |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| glibc |
| ||||||||||||||||||
| eglibc |
|
Common Weakness Enumeration
References