ГлавнаяУязвимости → CVE-2024-2961
7.3высокая

CVE-2024-2961

→ есть в БДУ: BDU:2024-03171 (на русском)
Описание (на английском; русское — в БДУ выше)

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Затрагиваемое ПО
Gnu GlibcNetapp Active iq unified managerDebian Debian linuxNetapp Hci h300s firmwareNetapp Hci h300sNetapp Hci h500s firmwareNetapp Hci h500sNetapp Hci h700s firmwareNetapp Hci h700sNetapp Hci h410s firmwareNetapp Hci h410sNetapp Hci h410c firmwareNetapp Hci h410cNetapp Hci h610c firmwareNetapp Hci h610cNetapp Hci h610s firmwareNetapp Hci h610sNetapp Hci h615c firmwareNetapp Hci h615cNetapp Hci compute nodeNetapp Ontap select deploy administration utility
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Источники
http://www.openwall.com/lists/oss-security/2024/04/17/9http://www.openwall.com/lists/oss-security/2024/04/18/4http://www.openwall.com/lists/oss-security/2024/04/24/2http://www.openwall.com/lists/oss-security/2024/05/27/1http://www.openwall.com/lists/oss-security/2024/05/27/2http://www.openwall.com/lists/oss-security/2024/05/27/3http://www.openwall.com/lists/oss-security/2024/05/27/4http://www.openwall.com/lists/oss-security/2024/05/27/5