9 votes

Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)

1 comment

  1. AndreasChris

    Will be interesting to see the actual talk of which I linked the abstract. Unfortunately it's still about 2.5 weeks from now.

    It appears the buffer overflow that can be triggered via iconv() in and of itself requires very specific preconditions. However, it looks like they're gonna present some sort of PoC of an exploit that uses an HTTP header or similar mechanism to set the charset, which allows them to gain RCE in vulnerable PHP servers.

    Also, here's the link to the corresponding security advisory from the oss-security mailing list: https://www.openwall.com/lists/oss-security/2024/04/18/4

    5 votes