RHSA-2024%3A7939
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:f2ceaad83e6c65a2d15f78226333707dfc8ff16ab1ae1262c5cb4520f77d5163_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-csi-snapshot-controller-rhel8@sha256:f2ceaad83e6c65a2d15f78226333707dfc8ff16ab1ae1262c5cb4520f77d5163_s390x |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:62b743d9e3182bd0e851fca05ad245e7136157506818ad1957892b01e678abaf_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ovirt-csi-driver-rhel8-operator@sha256:b6b0ca63b4ec5ffbc795a8d5199770941ef45bbe226c50bde08b748251dafcef_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ovirt-csi-driver-rhel8-operator@sha256:b6b0ca63b4ec5ffbc795a8d5199770941ef45bbe226c50bde08b748251dafcef_s390x |
| Red Hat | openshift4/ose-cluster-openshift-controller-manager-operator@sha256:51d38918257e9c6d53dec3b68ad4e826d185bfd14229e1dd99e47c985b47bcf2_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-openshift-controller-manager-operator@sha256:51d38918257e9c6d53dec3b68ad4e826d185bfd14229e1dd99e47c985b47bcf2_amd64 |
| Red Hat | openshift4/ovirt-csi-driver-rhel8@sha256:e4860a4d2c014f63595dcc0c8553faf692126a2c6c7f8d43beaffdd3ab12583a_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ovirt-csi-driver-rhel8@sha256:e4860a4d2c014f63595dcc0c8553faf692126a2c6c7f8d43beaffdd3ab12583a_s390x |
| Red Hat | openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:6541e31fa446791ec77694b903e88f3856ba045b8d3a0eec05fdcd3edb480cd1_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:6541e31fa446791ec77694b903e88f3856ba045b8d3a0eec05fdcd3edb480cd1_ppc64le |
| Red Hat | openshift4/ose-prom-label-proxy@sha256:e80a741fbe23fb183a0fe5962ed07e60d248be0d5881b9e58fc07a06d6ee0708_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-prom-label-proxy@sha256:e80a741fbe23fb183a0fe5962ed07e60d248be0d5881b9e58fc07a06d6ee0708_s390x |
| Red Hat | openshift4/ose-azure-disk-csi-driver-rhel8@sha256:40c976ff6426e1955b60691efce5b0f276a221ceda3d265512f244b07a8ab716_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-azure-disk-csi-driver-rhel8@sha256:40c976ff6426e1955b60691efce5b0f276a221ceda3d265512f244b07a8ab716_amd64 |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:1f017eabbd3a0bae11615cac5f1856f4f411e02b79610275a4b4280c93da65a7_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-csi-external-provisioner@sha256:1f017eabbd3a0bae11615cac5f1856f4f411e02b79610275a4b4280c93da65a7_arm64 |
| Red Hat | openshift4/openshift-route-controller-manager-rhel8@sha256:f24ee24f90786079e6f7d510c3d62acc32bf0d80201d695e9620038cb3176c57_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/openshift-route-controller-manager-rhel8@sha256:f24ee24f90786079e6f7d510c3d62acc32bf0d80201d695e9620038cb3176c57_s390x |
| Red Hat | openshift4/ose-kuryr-controller-rhel8@sha256:09c57f1b6e6f8b65423cd65569999067555028cdc02ac48bd0ba1549991bebe4_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-csi-driver-shared-resource-rhel8@sha256:05573ca2f30a905d4f4eedb0cb62fc5ef462357d219bf57e10fb82b81d6ac0ff_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-csi-driver-shared-resource-rhel8@sha256:05573ca2f30a905d4f4eedb0cb62fc5ef462357d219bf57e10fb82b81d6ac0ff_amd64 |
| Red Hat | openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:07ed0ffc54a04543502bfbc294082fb8bfc9186287ae4ecfb62c0b13cb86af6a_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:07ed0ffc54a04543502bfbc294082fb8bfc9186287ae4ecfb62c0b13cb86af6a_amd64 |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:b2ef7d5e04a91e3459bc5bf6f66367e8df6c5f5d4dcd61c0abb08eb14d816349_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-ingress-operator@sha256:b2ef7d5e04a91e3459bc5bf6f66367e8df6c5f5d4dcd61c0abb08eb14d816349_arm64 |
| Red Hat | openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:a73b9cfae3f7eceb3a7e6f38c7a082691e2564a8e2d2192892f171279870650e_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:a73b9cfae3f7eceb3a7e6f38c7a082691e2564a8e2d2192892f171279870650e_arm64 |
| Red Hat | openshift4/ose-cluster-monitoring-operator@sha256:6dd6ee3deb2c73cbd57dbbea6721d05a28619d709bba3dcee8f5ed0699f2b4b2_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-monitoring-operator@sha256:6dd6ee3deb2c73cbd57dbbea6721d05a28619d709bba3dcee8f5ed0699f2b4b2_s390x |
| Red Hat | openshift4/ose-cluster-monitoring-operator@sha256:148062a2c95022a8abd2c340371c1bd0b9609f06a775f24f4fa78021127ed3b0_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-monitoring-operator@sha256:148062a2c95022a8abd2c340371c1bd0b9609f06a775f24f4fa78021127ed3b0_amd64 |
| Red Hat | openshift4/ose-kuryr-cni-rhel8@sha256:40cc580b88fdf447ea25f33b50a13cc30bc09ff37d6385b3189c95aff46c5906_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-kuryr-cni-rhel8@sha256:40cc580b88fdf447ea25f33b50a13cc30bc09ff37d6385b3189c95aff46c5906_ppc64le |
| Red Hat | openshift4/ose-console@sha256:89372dc363b9cd194e37fdefa806ff5b356159d9337770b43895394ef435af51_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:8a33c0734624f5fe1c68fd04ffbee0ca100e55aa91956dfe257df3cbabcf7799_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:8a33c0734624f5fe1c68fd04ffbee0ca100e55aa91956dfe257df3cbabcf7799_s390x |
…and 634 more
Timeline
- Oct 16, 2024 CVE Published
- Apr 30, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:7939 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2273404 issue
- https://issues.redhat.com/browse/OCPBUGS-19068 advisory
- https://issues.redhat.com/browse/OCPBUGS-37834 advisory
- https://issues.redhat.com/browse/OCPBUGS-41247 advisory
- https://issues.redhat.com/browse/OCPBUGS-42146 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7939.json advisory
- https://access.redhat.com/security/cve/CVE-2024-2961 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-2961 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-2961 advisory
- https://www.openwall.com/lists/oss-security/2024/04/17/9 advisory