This repository contains a C program to test for CVE-2024-2961, which involves a buffer overflow vulnerability in the iconv()
function of the GNU C Library (glibc). Due to the structure of PHP’s heap, this overflow can be exploited to modify part of a free list pointer, ultimately providing an arbitrary write primitive within the program’s memory. Consequently, any attacker with a file read vulnerability and a controlled prefix on a PHP application can achieve RCE. Similarly, forcing PHP to call iconv() with controlled parameters grants the attacker the same capability.
- A system with glibc version 2.39 or older.
- GCC (GNU Compiler Collection) installed.
iconv
library installed.
Ensure that your system has glibc version 2.39 or older:
ldd --version
Clone this repository to your local machine:
git clone https://github.com/exfil0/test_iconv.git
cd test_iconv
Use GCC to compile the C program:
gcc -o test_iconv test_iconv.c -liconv
Execute the compiled program:
./test_iconv
- If the program crashes or behaves unexpectedly, it might be an indication of the buffer overflow.
- Use debugging tools like
gdb
to analyze the crash and confirm if it is related to the vulnerability.
If you encounter a crash, you can use gdb
to get more details:
gdb ./test_iconv
Within GDB, run the program:
run
If the program crashes, you can inspect the state of the program:
bt
This will give you a backtrace of the crash, which can help in diagnosing if the overflow is due to the CVE.
Compile the program with AddressSanitizer to catch the overflow:
gcc -fsanitize=address -o test_iconv test_iconv.c -liconv
./test_iconv
AddressSanitizer will provide detailed information if there is a buffer overflow.
If the vulnerability is confirmed, consider updating glibc to a version where this issue is patched. You can download and install the latest version from the GNU project's website or your distribution's package manager.
For more details on this vulnerability, you can read the following research article: GLIBC Flaw CVE-2024-2961 Opens Door to RCE, PoC Exploit Published
This code is for educational and testing purposes only. Do not use it on systems without proper authorization.