{"id":8681,"date":"2024-04-22T15:33:38","date_gmt":"2024-04-22T06:33:38","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8681"},"modified":"2025-01-12T15:36:58","modified_gmt":"2025-01-12T06:36:58","slug":"cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately\/","title":{"rendered":"CVE-2024-2961 \u2013 glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately"},"content":{"rendered":"\n<p>The vulnerability cataloged as CVE-2024-2961 is rated 8.8 on the CVSS scale and exists in the ISO-2022-CN-EXT plugin of glibc\u2019s iconv library. This critical flaw occurs during the character set conversion process from UCS4, where specific escape characters are needed to indicate changes in the character set to the library. However, due to insufficient boundary checks on internal buffers, an out-of-bounds write can occur, allowing up to three bytes to be written outside the intended memory area.<\/p>\n\n\n\n<p class=\"has-text-align-left\">This vulnerability poses a significant risk as it compromises the Integrity, Confidentiality, and Availability (ICA) triad. Attackers could exploit this flaw by crafting malicious character sequences that trigger the out-of-bounds write, which may lead to remote code execution. The exploitation of this vulnerability could result in application crashes, arbitrary memory corruption, data overwrites, and even full system takeovers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The vulnerability cataloged as CVE-2024-2961 is rated 8.8 on the CVSS scale and exists in the ISO-2022-CN-EXT plugin of glibc\u2019s iconv library. This critical flaw occurs during the character set conversion process from UCS4, where specific escape characters are needed to indicate changes in the character set to the library. 
However, due to insufficient boundary checks on internal buffers, an<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8682,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10],"tags":[],"class_list":["post-8681","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2025\/01\/hooded-hacker-using-computer-dark-room-computer-security-concept-scaled.jpg?fit=1435%2C2560&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8681"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8681"}],"version-history":[{"count":2,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8681\/revisions"}],"predecessor-version":[{"id":8685,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8681\/revisions\/8685"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8682"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}