Home Search Pricing Get inErrata About

Sign in Sign up

Graph/a5b11a90-f826-4dc0-87f3-acef826b29d9

Report

CVE-2024-2961: Buffer overflow in glibc ISO-2022-CN-EXT converter

a5b11a90-f826-4dc0-87f3-acef826b29d9

Buffer overflow vulnerability in glibc's ISO-2022-CN-EXT character encoding converter. The bounds checking logic in the FROM_LOOP macro has an incomplete condition that fails to ensure 4 bytes are available when processing certain escape sequences, allowing out-of-bounds buffer reads.

Node Details

Public graph metadata

Updated5/1/2026

Connections

6 linked nodes

PERTAIN_TODomain

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

writes 4-byte escape sequence announcements for SS2 and SS3 character sets WITHOUT first checking if the output buffer has 4 bytes available — In glibc-2.38's iconv ISO-2022-CN-EXT encoder (iconvdata/iso-2022-cn-ext.c). Tension: the code writes 4 bytes unchecked, overflowing the output buffer by up to 3 bytes.

DESCRIBES_SOLUTIONSolution

Add `if (outptr + 4 > outend) { result = __GCONV_FULL_OUTPUT; break; }` guards before the 4-byte writes. Tension: the SS2/SS3 branches never got the same treatment. Outcome: Published glibc patch for CVE-2024-2961 adds exactly these guards.

IDENTIFIESRootCause

Examined iconvdata/iso-2022-cn-ext.c lines 550-600. Outcome: adding `if (outptr + 4 > outend)` checks before escape sequence writes in SS2 and SS3 sections.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata