{"api_version":"1","generated_at":"2026-04-20T17:23:03+00:00","cve":"CVE-2024-2961","urls":{"html":"https://cve.report/CVE-2024-2961","api":"https://cve.report/api/cve/CVE-2024-2961.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-2961","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-2961"},"summary":{"title":"CVE-2024-2961","description":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.","state":"PUBLISHED","assigner":"glibc","published_at":"2024-04-17 18:15:15","updated_at":"2026-04-03 16:36:35"},"problem_types":["CWE-787","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.3","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.3","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"}}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/18/4","name":"http://www.openwall.com/lists/oss-security/2024/04/18/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/24/2","name":"http://www.openwall.com/lists/oss-security/2024/04/24/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p1","name":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html","name":"https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p2","name":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20240531-0002/","name":"https://security.netapp.com/advisory/ntap-20240531-0002/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/6","name":"http://www.openwall.com/lists/oss-security/2024/05/27/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/4","name":"http://www.openwall.com/lists/oss-security/2024/05/27/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/5","name":"http://www.openwall.com/lists/oss-security/2024/05/27/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/2","name":"http://www.openwall.com/lists/oss-security/2024/05/27/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004","name":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/3","name":"http://www.openwall.com/lists/oss-security/2024/05/27/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/22/5","name":"http://www.openwall.com/lists/oss-security/2024/07/22/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/17/9","name":"http://www.openwall.com/lists/oss-security/2024/04/17/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p3","name":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/1","name":"http://www.openwall.com/lists/oss-security/2024/05/27/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-2961","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2961","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"The GNU C Library","product":"glibc","version":"affected 2.1.93 2.40 custom","platforms":[]},{"source":"ADP","vendor":"gnu","product":"glibc","version":"affected 2.1.93 2.40 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Charles Fol","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h610c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h610c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h610s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h610s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h615c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h615c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"2961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_select_deploy_administration_utility","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"2961","cve":"CVE-2024-2961","epss":"0.921560000","percentile":"0.997090000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"glibc","vendor":"gnu","versions":[{"lessThan":"2.40","status":"affected","version":"2.1.93","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-2961","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-05-01T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-30T03:55:59.233Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-11-15T15:22:29.055Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p1"},{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p2"},{"url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p3"},{"tags":["x_transferred"],"url":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"},{"tags":["x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"},{"tags":["x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"},{"tags":["x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/04/24/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/9"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/04/18/4"},{"tags":["x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/2"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/6"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/4"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/5"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/05/27/3"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20240531-0002/"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/22/5"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"glibc","vendor":"The GNU C Library","versions":[{"lessThan":"2.40","status":"affected","version":"2.1.93","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Charles Fol"}],"datePublic":"2024-04-17T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.<br>"}],"value":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2024-07-22T18:06:06.282Z","orgId":"3ff69d7a-14f2-4f67-a097-88dee7810d18","shortName":"glibc"},"references":[{"url":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/24/2"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/17/9"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/18/4"},{"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/2"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/6"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/1"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/4"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/5"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/27/3"},{"url":"https://security.netapp.com/advisory/ntap-20240531-0002/"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/22/5"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"3ff69d7a-14f2-4f67-a097-88dee7810d18","assignerShortName":"glibc","cveId":"CVE-2024-2961","datePublished":"2024-04-17T17:27:40.541Z","dateReserved":"2024-03-26T19:29:31.186Z","dateUpdated":"2025-10-30T03:55:59.233Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-04-17 18:15:15","lastModifiedDate":"2026-04-03 16:36:35","problem_types":["CWE-787","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.7}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.93","versionEndExcluding":"2.40","matchCriteriaId":"6CD7A500-A255-4B32-AA0B-A6D80A84406E"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4A19610F-99F4-4417-A1C9-B6E67644283C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"F0B3D528-2FDC-409C-9E2D-CD24C89260B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A62F5622-42A0-4515-908B-766C35F5D995"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"0D62A5D9-F68D-4AAA-8EE7-A99A75C3AC0E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"77CA07B4-6F60-4583-9005-814052140564"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"30796002-63B5-49DC-811A-CBB46E7057B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"75E26DD2-43C9-453C-A4BF-3E85771715E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"4654B685-C68E-4FBA-9491-4EECA06D4E90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08C564D8-E21F-403C-B4BB-7B14B7FB5DAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*","matchCriteriaId":"8532F5F0-00A1-4FA9-A80B-09E46D03F74F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A9BC74D7-687D-46AA-862F-D755A3D1AA05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:*","matchCriteriaId":"436851DF-1531-40CE-8C71-561978877E27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"910D39ED-5E36-42F2-B824-E7F4A2ED0BD7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:*","matchCriteriaId":"33960CC8-DC73-4E15-8A19-686F5F528006"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7AEAE936-CBDA-4C3A-B139-BE9C86EC6CB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:*","matchCriteriaId":"D471C87E-D861-4AC7-9418-900858C5BF24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"2961","Ordinal":"1","Title":"CVE-2024-2961","CVE":"CVE-2024-2961","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"2961","Ordinal":"1","NoteData":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.","Type":"Description","Title":"CVE-2024-2961"}]}}}