Exploit for #VU88822 Buffer overflow in Glibc

Published: 2024-05-13 | Updated: 2025-02-21

Vulnerability identifier: #VU88822

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-2961

CWE-ID: CWE-119

Exploitation vector: Network

Exploits in database: 10

February 21, 2025
- PHP-file-read-to-RCE-CVE-2024-2961- (To use, implement the Remote class, which tells the exploit how to send the payload.) [Github]
February 7, 2025
- CVE-2024-2961_buddyforms_2.7.7 (CVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7) [Github]
- cve-2024-2961_buddyforms (CVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7) [Github]
January 31, 2025
- CVE-2024-2961-Remote-File-Read (This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1.) [Github]
October 18, 2024
- CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961) [Metasploit]
June 7, 2024
- CVE-2024-2961_poc [Github]
- cve-2024-2961 [Github]
- test_iconv [Github]
May 31, 2024
- cnext-exploits (Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()) [Github]
May 13, 2024
- FIX-CVE-2024-2961 [Github]

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU