
Oracle Linux: CVE-2024-2961: ELSA-2024-12444: glibc security update (IMPORTANT) (Multiple Advisories)

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/17/2024
Added: 05/09/2024
Modified: 12/24/2024

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from the UCS4 charset, certain escape characters must be added to indicate to the library where the charset was changed. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow that allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious character sequence that triggers the out-of-bounds write and leads to remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.

Solution(s)

oracle-linux-upgrade-compat-libpthread-nonshared
oracle-linux-upgrade-glibc
oracle-linux-upgrade-glibc-all-langpacks
oracle-linux-upgrade-glibc-benchtests
oracle-linux-upgrade-glibc-common
oracle-linux-upgrade-glibc-devel
oracle-linux-upgrade-glibc-doc
oracle-linux-upgrade-glibc-gconv-extra
oracle-linux-upgrade-glibc-headers
oracle-linux-upgrade-glibc-langpack-aa
oracle-linux-upgrade-glibc-langpack-af
oracle-linux-upgrade-glibc-langpack-agr
oracle-linux-upgrade-glibc-langpack-ak
oracle-linux-upgrade-glibc-langpack-am
oracle-linux-upgrade-glibc-langpack-an
oracle-linux-upgrade-glibc-langpack-anp
oracle-linux-upgrade-glibc-langpack-ar
oracle-linux-upgrade-glibc-langpack-as
oracle-linux-upgrade-glibc-langpack-ast
oracle-linux-upgrade-glibc-langpack-ayc
oracle-linux-upgrade-glibc-langpack-az
oracle-linux-upgrade-glibc-langpack-be
oracle-linux-upgrade-glibc-langpack-bem
oracle-linux-upgrade-glibc-langpack-ber
oracle-linux-upgrade-glibc-langpack-bg
oracle-linux-upgrade-glibc-langpack-bhb
oracle-linux-upgrade-glibc-langpack-bho
oracle-linux-upgrade-glibc-langpack-bi
oracle-linux-upgrade-glibc-langpack-bn
oracle-linux-upgrade-glibc-langpack-bo
oracle-linux-upgrade-glibc-langpack-br
oracle-linux-upgrade-glibc-langpack-brx
oracle-linux-upgrade-glibc-langpack-bs
oracle-linux-upgrade-glibc-langpack-byn
oracle-linux-upgrade-glibc-langpack-ca
oracle-linux-upgrade-glibc-langpack-ce
oracle-linux-upgrade-glibc-langpack-chr
oracle-linux-upgrade-glibc-langpack-ckb
oracle-linux-upgrade-glibc-langpack-cmn
oracle-linux-upgrade-glibc-langpack-crh
oracle-linux-upgrade-glibc-langpack-cs
oracle-linux-upgrade-glibc-langpack-csb
oracle-linux-upgrade-glibc-langpack-cv
oracle-linux-upgrade-glibc-langpack-cy
oracle-linux-upgrade-glibc-langpack-da
oracle-linux-upgrade-glibc-langpack-de
oracle-linux-upgrade-glibc-langpack-doi
oracle-linux-upgrade-glibc-langpack-dsb
oracle-linux-upgrade-glibc-langpack-dv
oracle-linux-upgrade-glibc-langpack-dz
oracle-linux-upgrade-glibc-langpack-el
oracle-linux-upgrade-glibc-langpack-en
oracle-linux-upgrade-glibc-langpack-eo
oracle-linux-upgrade-glibc-langpack-es
oracle-linux-upgrade-glibc-langpack-et
oracle-linux-upgrade-glibc-langpack-eu
oracle-linux-upgrade-glibc-langpack-fa
oracle-linux-upgrade-glibc-langpack-ff
oracle-linux-upgrade-glibc-langpack-fi
oracle-linux-upgrade-glibc-langpack-fil
oracle-linux-upgrade-glibc-langpack-fo
oracle-linux-upgrade-glibc-langpack-fr
oracle-linux-upgrade-glibc-langpack-fur
oracle-linux-upgrade-glibc-langpack-fy
oracle-linux-upgrade-glibc-langpack-ga
oracle-linux-upgrade-glibc-langpack-gd
oracle-linux-upgrade-glibc-langpack-gez
oracle-linux-upgrade-glibc-langpack-gl
oracle-linux-upgrade-glibc-langpack-gu
oracle-linux-upgrade-glibc-langpack-gv
oracle-linux-upgrade-glibc-langpack-ha
oracle-linux-upgrade-glibc-langpack-hak
oracle-linux-upgrade-glibc-langpack-he
oracle-linux-upgrade-glibc-langpack-hi
oracle-linux-upgrade-glibc-langpack-hif
oracle-linux-upgrade-glibc-langpack-hne
oracle-linux-upgrade-glibc-langpack-hr
oracle-linux-upgrade-glibc-langpack-hsb
oracle-linux-upgrade-glibc-langpack-ht
oracle-linux-upgrade-glibc-langpack-hu
oracle-linux-upgrade-glibc-langpack-hy
oracle-linux-upgrade-glibc-langpack-ia
oracle-linux-upgrade-glibc-langpack-id
oracle-linux-upgrade-glibc-langpack-ig
oracle-linux-upgrade-glibc-langpack-ik
oracle-linux-upgrade-glibc-langpack-is
oracle-linux-upgrade-glibc-langpack-it
oracle-linux-upgrade-glibc-langpack-iu
oracle-linux-upgrade-glibc-langpack-ja
oracle-linux-upgrade-glibc-langpack-ka
oracle-linux-upgrade-glibc-langpack-kab
oracle-linux-upgrade-glibc-langpack-kk
oracle-linux-upgrade-glibc-langpack-kl
oracle-linux-upgrade-glibc-langpack-km
oracle-linux-upgrade-glibc-langpack-kn
oracle-linux-upgrade-glibc-langpack-ko
oracle-linux-upgrade-glibc-langpack-kok
oracle-linux-upgrade-glibc-langpack-ks
oracle-linux-upgrade-glibc-langpack-ku
oracle-linux-upgrade-glibc-langpack-kw
oracle-linux-upgrade-glibc-langpack-ky
oracle-linux-upgrade-glibc-langpack-lb
oracle-linux-upgrade-glibc-langpack-lg
oracle-linux-upgrade-glibc-langpack-li
oracle-linux-upgrade-glibc-langpack-lij
oracle-linux-upgrade-glibc-langpack-ln
oracle-linux-upgrade-glibc-langpack-lo
oracle-linux-upgrade-glibc-langpack-lt
oracle-linux-upgrade-glibc-langpack-lv
oracle-linux-upgrade-glibc-langpack-lzh
oracle-linux-upgrade-glibc-langpack-mag
oracle-linux-upgrade-glibc-langpack-mai
oracle-linux-upgrade-glibc-langpack-mfe
oracle-linux-upgrade-glibc-langpack-mg
oracle-linux-upgrade-glibc-langpack-mhr
oracle-linux-upgrade-glibc-langpack-mi
oracle-linux-upgrade-glibc-langpack-miq
oracle-linux-upgrade-glibc-langpack-mjw
oracle-linux-upgrade-glibc-langpack-mk
oracle-linux-upgrade-glibc-langpack-ml
oracle-linux-upgrade-glibc-langpack-mn
oracle-linux-upgrade-glibc-langpack-mni
oracle-linux-upgrade-glibc-langpack-mnw
oracle-linux-upgrade-glibc-langpack-mr
oracle-linux-upgrade-glibc-langpack-ms
oracle-linux-upgrade-glibc-langpack-mt
oracle-linux-upgrade-glibc-langpack-my
oracle-linux-upgrade-glibc-langpack-nan
oracle-linux-upgrade-glibc-langpack-nb
oracle-linux-upgrade-glibc-langpack-nds
oracle-linux-upgrade-glibc-langpack-ne
oracle-linux-upgrade-glibc-langpack-nhn
oracle-linux-upgrade-glibc-langpack-niu
oracle-linux-upgrade-glibc-langpack-nl
oracle-linux-upgrade-glibc-langpack-nn
oracle-linux-upgrade-glibc-langpack-nr
oracle-linux-upgrade-glibc-langpack-nso
oracle-linux-upgrade-glibc-langpack-oc
oracle-linux-upgrade-glibc-langpack-om
oracle-linux-upgrade-glibc-langpack-or
oracle-linux-upgrade-glibc-langpack-os
oracle-linux-upgrade-glibc-langpack-pa
oracle-linux-upgrade-glibc-langpack-pap
oracle-linux-upgrade-glibc-langpack-pl
oracle-linux-upgrade-glibc-langpack-ps
oracle-linux-upgrade-glibc-langpack-pt
oracle-linux-upgrade-glibc-langpack-quz
oracle-linux-upgrade-glibc-langpack-raj
oracle-linux-upgrade-glibc-langpack-ro
oracle-linux-upgrade-glibc-langpack-ru
oracle-linux-upgrade-glibc-langpack-rw
oracle-linux-upgrade-glibc-langpack-sa
oracle-linux-upgrade-glibc-langpack-sah
oracle-linux-upgrade-glibc-langpack-sat
oracle-linux-upgrade-glibc-langpack-sc
oracle-linux-upgrade-glibc-langpack-sd
oracle-linux-upgrade-glibc-langpack-se
oracle-linux-upgrade-glibc-langpack-sgs
oracle-linux-upgrade-glibc-langpack-shn
oracle-linux-upgrade-glibc-langpack-shs
oracle-linux-upgrade-glibc-langpack-si
oracle-linux-upgrade-glibc-langpack-sid
oracle-linux-upgrade-glibc-langpack-sk
oracle-linux-upgrade-glibc-langpack-sl
oracle-linux-upgrade-glibc-langpack-sm
oracle-linux-upgrade-glibc-langpack-so
oracle-linux-upgrade-glibc-langpack-sq
oracle-linux-upgrade-glibc-langpack-sr
oracle-linux-upgrade-glibc-langpack-ss
oracle-linux-upgrade-glibc-langpack-st
oracle-linux-upgrade-glibc-langpack-sv
oracle-linux-upgrade-glibc-langpack-sw
oracle-linux-upgrade-glibc-langpack-szl
oracle-linux-upgrade-glibc-langpack-ta
oracle-linux-upgrade-glibc-langpack-tcy
oracle-linux-upgrade-glibc-langpack-te
oracle-linux-upgrade-glibc-langpack-tg
oracle-linux-upgrade-glibc-langpack-th
oracle-linux-upgrade-glibc-langpack-the
oracle-linux-upgrade-glibc-langpack-ti
oracle-linux-upgrade-glibc-langpack-tig
oracle-linux-upgrade-glibc-langpack-tk
oracle-linux-upgrade-glibc-langpack-tl
oracle-linux-upgrade-glibc-langpack-tn
oracle-linux-upgrade-glibc-langpack-to
oracle-linux-upgrade-glibc-langpack-tpi
oracle-linux-upgrade-glibc-langpack-tr
oracle-linux-upgrade-glibc-langpack-ts
oracle-linux-upgrade-glibc-langpack-tt
oracle-linux-upgrade-glibc-langpack-ug
oracle-linux-upgrade-glibc-langpack-uk
oracle-linux-upgrade-glibc-langpack-unm
oracle-linux-upgrade-glibc-langpack-ur
oracle-linux-upgrade-glibc-langpack-uz
oracle-linux-upgrade-glibc-langpack-ve
oracle-linux-upgrade-glibc-langpack-vi
oracle-linux-upgrade-glibc-langpack-wa
oracle-linux-upgrade-glibc-langpack-wae
oracle-linux-upgrade-glibc-langpack-wal
oracle-linux-upgrade-glibc-langpack-wo
oracle-linux-upgrade-glibc-langpack-xh
oracle-linux-upgrade-glibc-langpack-yi
oracle-linux-upgrade-glibc-langpack-yo
oracle-linux-upgrade-glibc-langpack-yue
oracle-linux-upgrade-glibc-langpack-yuw
oracle-linux-upgrade-glibc-langpack-zh
oracle-linux-upgrade-glibc-langpack-zu
oracle-linux-upgrade-glibc-locale-source
oracle-linux-upgrade-glibc-minimal-langpack
oracle-linux-upgrade-glibc-nss-devel
oracle-linux-upgrade-glibc-static
oracle-linux-upgrade-glibc-utils
oracle-linux-upgrade-libnsl
oracle-linux-upgrade-nscd
oracle-linux-upgrade-nss-db
oracle-linux-upgrade-nss-hesiod