CVE-2024-2961
high
CVSS v3
7.3
CVSS v4
-
VIR risk
8.3
Description
RHSA-2024:3269: glibc security update (Important)
Predictions
Exploit likelihood
100%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
Source fetch failed: fetch_error. View the original via the link above.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.37-18 |
| sid | Fixed | 2.37-18 |
| forky | Fixed | 2.37-18 |
| bullseye | Fixed | 2.31-13+deb11u9 |
| bookworm | Fixed | 2.36-9+deb12u6 |
| 10.0 | Affected | - |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | glibc-doc-2.34-100.el9_4.2.noarch.rpm |
| 8 | Fixed | glibc-doc-2.28-236.el8_9.13.noarch.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnu | glibc | >= 2.1.93, < 2.40 | 2.40 |
| netapp | active_iq_unified_manager | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
References
- https://access.redhat.com/errata/RHSA-2024:3339
- http://www.openwall.com/lists/oss-security/2024/04/17/9
- http://www.openwall.com/lists/oss-security/2024/04/18/4
- http://www.openwall.com/lists/oss-security/2024/04/24/2
- http://www.openwall.com/lists/oss-security/2024/05/27/1
- http://www.openwall.com/lists/oss-security/2024/05/27/2
- http://www.openwall.com/lists/oss-security/2024/05/27/3
- http://www.openwall.com/lists/oss-security/2024/05/27/4
- http://www.openwall.com/lists/oss-security/2024/05/27/5
- http://www.openwall.com/lists/oss-security/2024/05/27/6
- http://www.openwall.com/lists/oss-security/2024/07/22/5
- https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
- https://security.netapp.com/advisory/ntap-20240531-0002/
- https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
- https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
- https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
- https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://errata.rockylinux.org/RLSA-2024:3269
- https://errata.rockylinux.org/RLSA-2024:2722
- https://security-tracker.debian.org/tracker/CVE-2024-2961
- https://www.suse.com/security/cve/CVE-2024-2961.html
CWEs
CWE-787