DEBIAN-CVE-2024-2961
PUBLISHED
CVSS 7.3 HIGH
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | glibc | 2.31-13, 2.31-13, 0 |
| Debian:13 | glibc | 0, 0 |
| Debian:14 | glibc | 0, 0 |
| Debian:12 | glibc | 2.36-9+deb12u3, 2.36-9+deb12u4, 2.36-9+deb12u5 |
Exploit Intelligence
- CVE-2024-2961 Security Issue Mitigation Script (github-poc)
- A WordPress demo lab for CVE-2024-2961 & CVE-2024-29510 (github-poc)
- A WordPress demo lab for CVE-2024-2961 & CVE-2024-29510 (github-poc-repo)
- PHP RCE CVE-2024-2961 Nucleus Hackathon Demo (github-poc-repo)
- PHP RCE CVE-2024-2961 Nucleus Hackathon Demo (github-poc)
- Uses CVE-2024-2961 to perform an arbitrary file read (github-poc-repo)
- Exploit for CVE-2023-26326 in the WordPress BuddyForms plugin, leveraging CVE-2024-2961 for remote code execution. This exploit bypasses PHP 8+ deserialization limitations by chaining vulnerabilities with php://filter. (github-poc-repo)
- CVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7 (github-poc-repo)
…and 27 more exploits
Timeline
- Apr 17, 2024 CVE Published
- Apr 28, 2026 CVE Updated