Search for vulnerabilities
Vulnerability details: VCID-ygm6-g4ma-a3hz
Vulnerability ID VCID-ygm6-g4ma-a3hz
Aliases CVE-2024-2961
Summary The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2961.json
epss 0.91877 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92055 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92237 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92237 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92276 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92276 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92516 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92516 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92618 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.92618 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.9265 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.9265 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
epss 0.9265 https://api.first.org/data/v1/epss?cve=CVE-2024-2961
cvssv3.1 8.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
ssvc Track* https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
cvssv3.1 7.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
cvssv3.1 7.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
cvssv3.1 7.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
cvssv3.1 7.3 https://security.netapp.com/advisory/ntap-20240531-0002/
ssvc Track* https://security.netapp.com/advisory/ntap-20240531-0002/
cvssv3.1 7.3 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
ssvc Track* https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/04/17/9
ssvc Track* http://www.openwall.com/lists/oss-security/2024/04/17/9
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/04/18/4
ssvc Track* http://www.openwall.com/lists/oss-security/2024/04/18/4
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/04/24/2
ssvc Track* http://www.openwall.com/lists/oss-security/2024/04/24/2
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/1
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/1
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/2
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/2
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/3
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/3
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/4
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/4
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/5
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/5
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/05/27/6
ssvc Track* http://www.openwall.com/lists/oss-security/2024/05/27/6
cvssv3.1 7.3 http://www.openwall.com/lists/oss-security/2024/07/22/5
ssvc Track* http://www.openwall.com/lists/oss-security/2024/07/22/5
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2961.json
https://api.first.org/data/v1/epss?cve=CVE-2024-2961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
1 http://www.openwall.com/lists/oss-security/2024/05/27/1
1069191 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069191
2 http://www.openwall.com/lists/oss-security/2024/04/24/2
2 http://www.openwall.com/lists/oss-security/2024/05/27/2
2273404 https://bugzilla.redhat.com/show_bug.cgi?id=2273404
3 http://www.openwall.com/lists/oss-security/2024/05/27/3
4 http://www.openwall.com/lists/oss-security/2024/04/18/4
4 http://www.openwall.com/lists/oss-security/2024/05/27/4
5 http://www.openwall.com/lists/oss-security/2024/05/27/5
5 http://www.openwall.com/lists/oss-security/2024/07/22/5
6 http://www.openwall.com/lists/oss-security/2024/05/27/6
9 http://www.openwall.com/lists/oss-security/2024/04/17/9
BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961
GLIBC-SA-2024-0004 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
msg00001.html https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
ntap-20240531-0002 https://security.netapp.com/advisory/ntap-20240531-0002/
P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
RHSA-2024:2722 https://access.redhat.com/errata/RHSA-2024:2722
RHSA-2024:2799 https://access.redhat.com/errata/RHSA-2024:2799
RHSA-2024:3269 https://access.redhat.com/errata/RHSA-2024:3269
RHSA-2024:3309 https://access.redhat.com/errata/RHSA-2024:3309
RHSA-2024:3312 https://access.redhat.com/errata/RHSA-2024:3312
RHSA-2024:3339 https://access.redhat.com/errata/RHSA-2024:3339
RHSA-2024:3411 https://access.redhat.com/errata/RHSA-2024:3411
RHSA-2024:3423 https://access.redhat.com/errata/RHSA-2024:3423
RHSA-2024:3464 https://access.redhat.com/errata/RHSA-2024:3464
RHSA-2024:3588 https://access.redhat.com/errata/RHSA-2024:3588
RHSA-2024:4126 https://access.redhat.com/errata/RHSA-2024:4126
RHSA-2024:7590 https://access.redhat.com/errata/RHSA-2024:7590
RHSA-2024:7594 https://access.redhat.com/errata/RHSA-2024:7594
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:7939 https://access.redhat.com/errata/RHSA-2024:7939
RHSA-2024:8235 https://access.redhat.com/errata/RHSA-2024:8235
USN-6737-1 https://usn.ubuntu.com/6737-1/
USN-6737-2 https://usn.ubuntu.com/6737-2/
USN-6762-1 https://usn.ubuntu.com/6762-1/
YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
Data source Metasploit
Description This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and earlier if the PHP and glibc versions are also vulnerable: - 2.4.7 and earlier - 2.4.6-p5 and earlier - 2.4.5-p7 and earlier - 2.4.4-p8 and earlier Vulnerable PHP versions: - From PHP 7.0.0 (2015) to 8.3.7 (2024) Vulnerable iconv() function in the GNU C Library: - 2.39 and earlier The exploit chain is quite interesting and for more detailed information check out the references. The tl;dr being: CVE-2024-34102 is an XML External Entity vulnerability leveraging PHP filters to read arbitrary files from the target system. The exploit chain uses this to read /proc/self/maps, providing the address of PHP's heap and the libc's filename. The libc is then downloaded, and the offsets of libc_malloc, libc_system and libc_realloc are extracted, and made use of later in the chain. With this information and expert knowledge of PHP's heap (chunks, free lists, buckets, bucket brigades), CVE-2024-2961 can be exploited. A long chain of PHP filters is constructed and sent in the same way the XXE is exploited, building a payload in memory and using the buffer overflow to execute it, resulting in an unauthenticated RCE.
Note 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date July 26, 2024
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2961.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://security.netapp.com/advisory/ntap-20240531-0002/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://security.netapp.com/advisory/ntap-20240531-0002/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/17/9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/17/9
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/18/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/18/4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/24/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/24/2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/27/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/27/6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/07/22/5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-30T04:00:23Z/ Found at http://www.openwall.com/lists/oss-security/2024/07/22/5
Exploit Prediction Scoring System (EPSS)
Percentile 0.99687
EPSS Score 0.91877
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:03.788388+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6762-1/ 37.0.0