2024-04-17 17:24:26 +00:00
|
|
|
ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
|
|
|
|
|
|
|
|
The iconv() function in the GNU C Library versions 2.39 and older may
|
|
|
|
overflow the output buffer passed to it by up to 4 bytes when converting
|
|
|
|
strings to the ISO-2022-CN-EXT character set, which may be used to
|
|
|
|
crash an application or overwrite a neighbouring variable.
|
|
|
|
|
|
|
|
ISO-2022-CN-EXT uses escape sequences to indicate character set changes
|
|
|
|
(as specified by RFC 1922). While the SOdesignation has the expected
|
|
|
|
bounds checks, neither SS2designation nor SS3designation have its;
|
|
|
|
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
|
|
|
|
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
|
|
|
|
|
|
|
|
CVE-Id: CVE-2024-2961
|
|
|
|
Public-Date: 2024-04-17
|
|
|
|
Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169)
|
|
|
|
Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40)
|
|
|
|
Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31)
|
|
|
|
Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66)
|
|
|
|
Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89)
|
|
|
|
Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164)
|
|
|
|
Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315)
|
|
|
|
Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459)
|
|
|
|
Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263)
|
|
|
|
Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140)
|
2024-04-22 22:04:08 +00:00
|
|
|
Fix-Commit: 3703c32a8d304c1ee12126134ce69be965f38000 (2.31-154)
|
2024-04-17 17:24:26 +00:00
|
|
|
|
2024-04-17 17:27:42 +00:00
|
|
|
Reported-By: Charles Fol
|