all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)

Add to bookmarks
April 23, 2024, 2:33 a.m. | Garrett Mills

DEV Community dev.to


This post originally appeared on my blog, here.



Recently, CVE-2024-2961 was released which identifies a buffer overflow vulnerability in GNU libc versions < 2.39 when converting charsets to certain Chinese Extended encodings.


This vulnerability affects PHP when iconv is used to translate request encodings to/from the affected charsets and has the potential to be wide-ranging (e.g. the latest wordpress:apache image has iconv with the vulnerable charsets enabled).


Obviously, the best mitigation is to update to a patched version of …

blog buffer buffer overflow buffer overflow vulnerability chinese cve cve-2024 gnu linux overflow php request security translate vulnerability

Visit resource

More from dev.to / DEV Community

InnOlympics Hackathon 2024 58 minutes ago | dev.to
hackathon opportunity top 10 webdev
AWS Certified Solutions Architect - Associate 2 hours ago | dev.to
access access management amp architect +48
AWS Certified Solutions Architect - Associate 2 hours ago | dev.to
access access management amp architect +46
File Encryption in Rust 2 hours ago | dev.to
back cryptography don encrypt +12
This is the first Chrome extension I built as a hobby 3 hours ago | dev.to
access chrome chrome extension computer +9
How Amazon GuardDuty can help keep Amazon EKS secure 4 hours ago | dev.to
amazon amazon eks amazon guardduty can +21
Day 5: The Switch 4 hours ago | dev.to
city code firewalls honeypots +14
JuiceFS 1.2 Beta 1: Gateway Upgrade, Enhanced Multi-User Permission Management 6 hours ago | dev.to
access access management application automated +24
On Premise Face Recognition SDK and Liveness Detection SDK by FacePlugin 7 hours ago | dev.to
age ai critical datascience +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com
View more jobs