Glibc Buffer Overflow in Iconv
Date: Thu, 18 Apr 2024 18:42:42 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

On Wed, Apr 17, 2024 at 02:36:02PM -0300, Adhemerval Zanella Netto wrote:
> GLIBC-SA-2024-0004:
> ===================
> ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
>
> The iconv() function in the GNU C Library versions 2.39 and older may
> overflow the output buffer passed to it by up to 4 bytes when converting
> strings to the ISO-2022-CN-EXT character set, which may be used to
> crash an application or overwrite a neighbouring variable.
>
> ISO-2022-CN-EXT uses escape sequences to indicate character set changes
> (as specified by RFC 1922). While the SOdesignation has the expected
> bounds checks, neither SS2designation nor SS3designation have its;
> allowing a write overflow of 1, 2, or 3 bytes with fixed values:
> '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

> He has discovered remote code execution vulnerabilities
> targeting renowned CMS and frameworks such as Drupal, Magento, Symfony
> or Laravel, but also enjoys binary exploitation, to escalate privileges
> (Apache, PHP-FPM) or compromise security solutions (DataDog's Sqreen,
> Fortinet SSL VPN, Watchguard).
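
The missing bounds check the advisory describes, as an added example that is not part of the message above and is not glibc's code: a simplified model of a converter writing a fixed 4-byte escape sequence (ESC followed by `$*H`, one of the listed values), once without consulting the end of the output buffer and once with the check in place. The names `emit_unchecked`, `emit_checked`, `bytes_past_end`, `ESC_LEN` and `GUARD` are hypothetical, and the write lands in a guard area the example owns so the excess bytes can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC_LEN 4   /* ESC plus three bytes from the advisory's list, e.g. "$*H" */
#define GUARD   8   /* spare bytes we own, so the unchecked write stays in our array */

enum emit_status { EMIT_OK, EMIT_FULL };

/* Pattern described for SS2/SS3 designation: the end pointer is never consulted. */
static enum emit_status emit_unchecked(unsigned char **outp, const unsigned char *outend,
                                       const char *seq)
{
    (void)outend;
    memcpy(*outp, seq, ESC_LEN);
    *outp += ESC_LEN;
    return EMIT_OK;
}

/* Pattern described for SO designation: check the room first, report a full buffer. */
static enum emit_status emit_checked(unsigned char **outp, const unsigned char *outend,
                                     const char *seq)
{
    if ((size_t)(outend - *outp) < ESC_LEN)
        return EMIT_FULL;   /* caller has to come back with more output space */
    memcpy(*outp, seq, ESC_LEN);
    *outp += ESC_LEN;
    return EMIT_OK;
}

/* Run one writer with `room` (1..4) bytes left; count bytes that landed past outend. */
static size_t bytes_past_end(int checked, size_t room)
{
    unsigned char arena[ESC_LEN + GUARD] = {0};
    unsigned char *out = arena;
    const unsigned char *outend = arena + room;   /* end of the caller's buffer */
    static const char seq[] = "\x1b$*H";          /* constructed sample sequence */
    (checked ? emit_checked : emit_unchecked)(&out, outend, seq);
    size_t past = 0;
    for (const unsigned char *p = outend; p < arena + sizeof arena; p++)
        past += (*p != 0);
    return past;
}

int main(void) {
    for (size_t room = 1; room <= ESC_LEN; room++)
        printf("room=%zu unchecked=%zu checked=%zu\n", room,
               bytes_past_end(0, room), bytes_past_end(1, room));
    return 0;
}
```

With 1, 2 or 3 bytes of room the unchecked writer leaves 3, 2 or 1 fixed-value bytes beyond the caller's buffer, while the checked writer writes nothing and reports that the buffer is full.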