I. Basic Information for CVE-2024-2961
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Out-of-bounds Write
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU C Library Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
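GNU C Library (glibc, libc6) is an open-source, free C language compiler released under the LGPL license. GNU C Library 2.39 and earlier versions contain a security vulnerability that stems from a possible buffer overflow in the iconv() function, which can cause the application to crash or overwrite adjacent variables.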
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| The GNU C Library | glibc | 2.1.93 ~ 2.40 | - |
II. Public POCs for CVE-2024-2961
| # | POC Description | Source Link |
|---|---|---|
| 1 | Quick mitigation script | https://github.com/mattaperkins/FIX-CVE-2024-2961 |
| 2 | CVE-2024-2961 Security Issue Mitigation Script | https://github.com/rvizx/CVE-2024-2961 |
| 3 | Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() | https://github.com/ambionics/cnext-exploits |
| 4 | Bash script to patch for CVE-2024-2961 | https://github.com/absolutedesignltd/iconvfix |
| 5 | This repository contains a C program to test for CVE-2024-2961, a buffer overflow vulnerability in the iconv() function of glibc. | https://github.com/exfil0/test_iconv |
| 6 | None | https://github.com/tnishiox/cve-2024-2961 |
| 7 | None | https://github.com/kjdfklha/CVE-2024-2961_poc |
| 8 | This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1. | https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read |
| 9 | Uses CVE-2024-2961 to perform an arbitrary file read | https://github.com/4wayhandshake/CVE-2024-2961 |
| 10 | CVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7 | https://github.com/suce0155/CVE-2024-2961_buddyforms_2.7.7 |
| 11 | To use, implement the Remote class, which tells the exploit how to send the payload. | https://github.com/regantemudo/PHP-file-read-to-RCE-CVE-2024-2961- |
| 12 | PHP Local File Read vulnerability leading to Remote Code Execution | https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml |
| 13 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80%E6%BC%8F%E6%B4%9E/PHP%20%E5%88%A9%E7%94%A8%20GNU%20C%20Iconv%20%E5%B0%86%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%8F%90%E5%8D%87%E8%87%B3%20RCE%20CVE-2024-2961.md |
| 14 | | https://github.com/vulhub/vulhub/blob/master/php/CVE-2024-2961/README.md |
| 15 | Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() | https://github.com/scriptSails/glibcs |