The vulnerability, cataloged as CVE-2024-2961, is rated 8.8 on the CVSS scale and exists in the ISO-2022-CN-EXT plugin of glibc’s iconv library. This critical flaw occurs during character set conversion from UCS4, where specific escape characters are needed to signal character set changes to the library. However, due to insufficient boundary checks on internal buffers, an out-of-bounds write can occur, allowing up to three bytes to be written outside the intended memory area.
This vulnerability poses a significant risk as it compromises the Integrity, Confidentiality, and Availability (ICA) triad. Attackers could exploit this flaw by crafting malicious character sequences that trigger the out-of-bounds write, which may lead to remote code execution. The exploitation of this vulnerability could result in application crashes, arbitrary memory corruption, data overwrites, and even full system takeovers.
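A simplified model of the failure class described above, as an added example (not glibc's source and not from the original page): an encoder that must emit a 4-byte escape sequence whenever the character set changes, with the room check done before any byte is stored. The struct, function names, status codes and sample input are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration: names are hypothetical, not glibc source. */
enum conv_status { CONV_OK, CONV_FULL_OUTPUT };
struct cn_char { char set; unsigned char bytes[2]; };  /* set = escape final byte */
/* Encode n two-byte characters into out[0..outlen). Switching character set
   costs a 4-byte escape (ESC $ ) <set>); room is checked before any store. */
enum conv_status encode(const struct cn_char *in, size_t n,
                        unsigned char *out, size_t outlen, size_t *written)
{
    unsigned char *p = out, *end = out + outlen;
    char current = 0; enum conv_status st = CONV_OK;   /* no set designated yet */
    for (size_t i = 0; i < n; i++) {
        size_t need = 2 + (in[i].set != current ? 4 : 0);
        if ((size_t)(end - p) < need) { st = CONV_FULL_OUTPUT; break; } /* bounds check */
        if (in[i].set != current) {
            *p++ = 0x1b; *p++ = '$'; *p++ = ')'; *p++ = (unsigned char)in[i].set;
            current = in[i].set;
        }
        *p++ = in[i].bytes[0]; *p++ = in[i].bytes[1];
    }
    *written = (size_t)(p - out);
    return st;
}

/* Constructed input: two characters in set 'A', then one in set 'G'. */
static const struct cn_char SAMPLE[3] = {
    {'A', {0x30, 0x21}}, {'A', {0x30, 0x22}}, {'G', {0x44, 0x21}} };

/* Encode SAMPLE into `room` bytes of a 0xAA-filled arena; return how many
   bytes beyond the window were modified (0 means no out-of-bounds write). */
size_t bytes_past_end(size_t room, enum conv_status *st, size_t *written)
{
    unsigned char arena[32]; size_t spilled = 0;
    memset(arena, 0xAA, sizeof arena);
    *st = encode(SAMPLE, 3, arena, room, written);
    for (size_t i = room; i < sizeof arena; i++)
        spilled += (arena[i] != 0xAA);
    return spilled;
}

int main(void)
{
    enum conv_status st; size_t w, spilled = bytes_past_end(9, &st, &w);
    printf("room=9 status=%d written=%zu spilled=%zu\n", (int)st, w, spilled);
    return 0;
}
```

With 9 bytes of room, one byte remains when the set changes to 'G'; without the check, the 4-byte escape would land three bytes past the buffer.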