Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

Related Vulnerabilities: CVE-2024-2961  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Florian Weimer &lt;fweimer () redhat com&gt;

Date: Wed, 24 Apr 2024 18:13:56 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
* Adhemerval Zanella Netto:

The following security advisories have been published:

GLIBC-SA-2024-0004:
===================
ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

For those who haven't prepared/shipped updates yet: we've got a fix for
a stack-based buffer overflow in nscd under review.

  [PATCH 0/4] Various nscd security fixes
  &lt;https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer () redhat com/&gt;

These are initial patches, still under review.  The glibc security team
will send a separate notification once official patches are ready.

The initial issue was reported in Bugzilla without an embargo period,
hence the public patch development.  The other bugs concern the same
code and are very minor compared to the initial finding, so a separate
embargo for them doesn't make sense.

Thanks,
Florian

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Adhemerval Zanella Netto (Apr 17)

Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer (Apr 18)

Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer (Apr 24)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started