public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc] Document CVE-2024-2961
@ 2024-04-17 17:25 Adhemerval Zanella
  0 siblings, 0 replies; only message in thread
From: Adhemerval Zanella @ 2024-04-17 17:25 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a98f4640ea453fe048d3a49944044bce2c4c641

commit 6a98f4640ea453fe048d3a49944044bce2c4c641
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Apr 17 14:24:26 2024 -0300

    Document CVE-2024-2961
    
    This commit adds "advisories" entries for the above three CVEs.

Diff:
---
 advisories/GLIBC-SA-2024-0004 | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/advisories/GLIBC-SA-2024-0004 b/advisories/GLIBC-SA-2024-0004
new file mode 100644
index 0000000000..8a6efd235e
--- /dev/null
+++ b/advisories/GLIBC-SA-2024-0004
@@ -0,0 +1,27 @@
+ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
+
+The iconv() function in the GNU C Library versions 2.39 and older may 
+overflow the output buffer passed to it by up to 4 bytes when converting 
+strings to the ISO-2022-CN-EXT character set, which may be used to 
+crash an application or overwrite a neighbouring variable.
+
+ISO-2022-CN-EXT uses escape sequences to indicate character set changes
+(as specified by RFC 1922).  While the SOdesignation has the expected
+bounds checks, neither SS2designation nor SS3designation have its;
+allowing a write overflow of 1, 2, or 3 bytes with fixed values:
+'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
+
+CVE-Id: CVE-2024-2961
+Public-Date: 2024-04-17
+Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169)
+Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40)
+Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31)
+Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66)
+Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89)
+Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164)
+Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315)
+Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459)
+Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263)
+Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140)
+
+Reported-by: Charles Fol

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-04-17 17:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-17 17:25 [glibc] Document CVE-2024-2961 Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).