# Testing CVE-2024-2961 (V1 - Under Analysis)

This repository contains a C program to test for CVE-2024-2961, which involves a buffer overflow vulnerability in the `iconv()` function of the GNU C Library (glibc). Due to the structure of PHP’s heap, this overflow can be exploited to modify part of a free list pointer, ultimately providing an arbitrary write primitive within the program’s memory. Consequently, any attacker with a file read vulnerability and a controlled prefix on a PHP application can achieve RCE. Similarly, forcing PHP to call `iconv()` with controlled parameters grants the attacker the same capability.

## Prerequisites

- A system with glibc version 2.39 or older.
- GCC (GNU Compiler Collection) installed.
- `iconv` support installed. On glibc systems `iconv()` is part of the C library itself, so no separate library is needed.

## Steps to Test

### 1. Check glibc Version

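Ensure that your system has glibc version 2.39 or older:

```bash
ldd --version
```

Distribution packages often carry the fix as a backport without changing the upstream version number, so a version of 2.39 or older does not by itself confirm that the system is vulnerable.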

### 2. Clone the Repository

Clone this repository to your local machine:

```bash
git clone
cd test_iconv
```

### 3. Compile the Program

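Use GCC to compile the C program. glibc provides `iconv()` itself, so no `-liconv` flag is needed; on most glibc systems that flag fails at link time, and where a separate libiconv is installed it can make the test exercise a different implementation from the one this CVE affects:

```bash
gcc -o test_iconv test_iconv.c
```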

### 4. Run the Program

Execute the compiled program:

```bash
./test_iconv
```

### 5. Analyze the Results

- If the program crashes or behaves unexpectedly, it might be an indication of the buffer overflow.
- Use debugging tools like `gdb` to analyze the crash and confirm if it is related to the vulnerability.

### Optional: Debugging with GDB

If you encounter a crash, you can use `gdb` to get more details:

```bash
gdb ./test_iconv
```

Within GDB, run the program:

```
run
```

If the program crashes, you can inspect the state of the program:

```
bt
```

This will give you a backtrace of the crash, which can help in diagnosing if the overflow is due to the CVE.

### Optional: Using Sanitizers

Compile the program with AddressSanitizer to catch the overflow (as above, without `-liconv`, because glibc supplies `iconv()`):

```bash
gcc -fsanitize=address -o test_iconv test_iconv.c
```

AddressSanitizer will provide detailed information if there is a buffer overflow.

## Mitigation

If the vulnerability is confirmed, consider updating glibc to a version where this issue is patched. You can download and install the latest version from the GNU project's website or your distribution's package manager.
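
The following triage script is an added example, not part of this repository: it compares the running glibc version against the 2.39 threshold above and reports whether the ISO-2022-CN-EXT converter is listed, which is useful both before and after updating. The charset name comes from the public CVE description rather than this README, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not part of the repository): triage a host for CVE-2024-2961.

# Exit status 0 if VERSION ("major.minor[suffix]") is glibc 2.39 or older,
# 1 if it is newer, 2 if it cannot be parsed.
glibc_in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}            # "35-0ubuntu3.8" -> "35"
    [ "$1" != "$major" ] || return 2  # no dot in the input
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 39 ]; }; then
        return 0
    fi
    return 1
}

# Print the running glibc version, or nothing on a non-glibc system.
runtime_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{ print $2 }'
}

# Exit status 0 if `iconv -l` lists the ISO-2022-CN-EXT converter on this host.
cn_ext_converter_available() {
    iconv -l 2>/dev/null | grep -q 'ISO-2022-CN-EXT'
}

report_exposure() {   # prints a two-line summary; always returns 0
    ver=$(runtime_glibc_version)
    if [ -z "$ver" ]; then
        echo "glibc version not reported; is this a glibc system?"
        return 0
    fi
    rc=0
    glibc_in_affected_range "$ver" || rc=$?
    case "$rc" in
        0) echo "glibc $ver is 2.39 or older: check the distribution advisory for a backported fix" ;;
        1) echo "glibc $ver is newer than 2.39" ;;
        *) echo "could not parse glibc version '$ver'" ;;
    esac
    if cn_ext_converter_available; then
        echo "ISO-2022-CN-EXT converter: available"
    else
        echo "ISO-2022-CN-EXT converter: not available"
    fi
}

report_exposure
```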

## Research

For more details on this vulnerability, you can read the following research article:
[GLIBC Flaw CVE-2024-2961 Opens Door to RCE, PoC Exploit Published](

## Disclaimer

This code is for educational and testing purposes only. Do not use it on systems without proper authorization.