High severity7.3NVD Advisory· Published Apr 17, 2024· Updated May 12, 2026

CVE-2024-2961

Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Affected products

GNU/Glibc
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Range: >=2.1.93,<2.40
NetApp/Active Iq Unified Manager
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp/Ontap Select Deploy Administration Utility
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
NetApp/Hci Compute Node
cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*
NetApp/Hci H300s Firmware
cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H410c Firmware
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H410s Firmware
cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H500s Firmware
cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H610c Firmware
cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H610s Firmware
cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H615c Firmware
cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*
NetApp/Hci H700s Firmware
cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2024/04/17/9nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/04/18/4nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/04/24/2nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/1nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/2nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/4nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/5nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/05/27/6nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2024/07/22/5nvdMailing ListThird Party Advisory
lists.debian.org/debian-lts-announce/2024/05/msg00001.htmlnvdMailing ListThird Party Advisory
security.netapp.com/advisory/ntap-20240531-0002/nvdThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/nvdBroken Link
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/nvdBroken Link
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/nvdBroken Link
www.ambionics.io/blog/iconv-cve-2024-2961-p1nvdBroken Link
www.ambionics.io/blog/iconv-cve-2024-2961-p2nvdBroken Link
www.ambionics.io/blog/iconv-cve-2024-2961-p3nvdBroken Link
cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000