Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)
DEV Community dev.to
This post originally appeared on my blog, here.
Recently, CVE-2024-2961 was published. It identifies a buffer overflow vulnerability in GNU libc versions < 2.39 that occurs when converting charsets to certain Chinese Extended encodings.
This vulnerability affects PHP when iconv is used to translate request encodings to/from the affected charsets and has the potential to be wide-ranging (e.g. the latest wordpress:apache image has iconv with the vulnerable charsets enabled).
Obviously, the best mitigation is to update to a patched version of …