VDB

DEBIAN-CVE-2024-2961

DEBIAN-CVE-2024-2961 PUBLISHED CVSS 7.300000190734863 HIGH

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Risk Scores

CVSS 3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products

VendorProductVersions
Debian:11glibc2.31-13, 2.31-13, 0
Debian:13glibc0, 0
Debian:14glibc0, 0
Debian:12glibc2.36-9+deb12u3, 2.36-9+deb12u4, 2.36-9+deb12u5

Timeline

  • Apr 17, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›