From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1791) id 01E3D3858D20; Wed, 17 Apr 2024 17:25:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 01E3D3858D20 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1713374719; bh=N8EgC0sIGC6TVaorRav7CKPsQ2/+TNJEaX/sQ7y6WFU=; h=From:To:Subject:Date:From; b=voyk0e9lXONnkcgwr7KrCZGTZ/TyKiNVNnWWApfiOigGpAZVQZWkrxd9TK5tLywE4 IWyN1RJ9VAp2mEJvJ54X3iXR57okvrwubVGADpPi6zRZJQs9ResFo68P5646MZ3pwi e/X1P5rp9el7CYs0mwhXtGr5/KlNTTp0tx3nrtgA= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Adhemerval Zanella To: glibc-cvs@sourceware.org Subject: [glibc] Document CVE-2024-2961 X-Act-Checkin: glibc X-Git-Author: Adhemerval Zanella X-Git-Refname: refs/heads/master X-Git-Oldrev: f9dc609e06b1136bb0408be9605ce7973a767ada X-Git-Newrev: 6a98f4640ea453fe048d3a49944044bce2c4c641 Message-Id: <20240417172519.01E3D3858D20@sourceware.org> Date: Wed, 17 Apr 2024 17:25:18 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a98f4640ea453fe048d3a49944044bce2c4c641 commit 6a98f4640ea453fe048d3a49944044bce2c4c641 Author: Adhemerval Zanella Date: Wed Apr 17 14:24:26 2024 -0300 Document CVE-2024-2961 This commit adds "advisories" entries for the above three CVEs. Diff: --- advisories/GLIBC-SA-2024-0004 | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/advisories/GLIBC-SA-2024-0004 b/advisories/GLIBC-SA-2024-0004 new file mode 100644 index 0000000000..8a6efd235e --- /dev/null +++ b/advisories/GLIBC-SA-2024-0004 
@@ -0,0 +1,27 @@ +ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence + +The iconv() function in the GNU C Library versions 2.39 and older may +overflow the output buffer passed to it by up to 4 bytes when converting +strings to the ISO-2022-CN-EXT character set, which may be used to +crash an application or overwrite a neighbouring variable. + +ISO-2022-CN-EXT uses escape sequences to indicate character set changes +(as specified by RFC 1922). While the SOdesignation has the expected +bounds checks, neither SS2designation nor SS3designation have its; +allowing a write overflow of 1, 2, or 3 bytes with fixed values: +'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. + +CVE-Id: CVE-2024-2961 +Public-Date: 2024-04-17 +Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169) +Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40) +Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31) +Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66) +Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89) +Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164) +Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315) +Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459) +Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263) +Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140) + +Reported-by: Charles Fol
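Review bot: The two paragraphs of the new advisory text disagree on the overflow size. The first says iconv() may overflow the output buffer "by up to 4 bytes", and the second says the missing checks allow "a write overflow of 1, 2, or 3 bytes". Please reconcile the figures or state how they relate, since the listed fixed values ('$+I' through '$*H') are three characters each and the text does not say where a fourth byte would come from. In the same paragraph, "neither SS2designation nor SS3designation have its;" does not parse; something like "neither SS2designation nor SS3designation has them," would read correctly. The commit message also refers to "the above three CVEs", while the subject and the diff add a single advisory file with one CVE-Id (CVE-2024-2961), so the message should be reworded to match.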