Sansec logo

Linux iconv RCE - CVE-2024-2961


by Team Sansec

Published in Guides

On May 27th 2024, an exploit for a critical security flaw in Linux was made public (CVE-2024-2961), which makes it easier to hack into popular PHP applications. We believe we will soon see specific ecommerce attacks using this technique, so we recommend to verify that your infrastructure is up to date. The flaw is present in the iconv functionality of glibc. Most Linux distros have published fixed glibc packages in the last few weeks, but we observed that not all of our customers have upgraded yet.

To check whether you are currently vulnerable, you can run this code:

curl -sO &&
gcc cve-2024-2961.c -o poc &&

If you don’t have gcc on your production servers, you can also use our precompiled test:

curl -sO &&
chmod 700 cve-2024-2961 &&

If you are vulnerable, make sure to upgrade to the latest glibc version immediately. It is also strongly recommended to enable automatic security upgrades. See your Linux distro documentation for further instructions.

If you use managed hosting, urge your hosting company to upgrade their systems.

Need expert advice? We are here to help!

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security


Terms & Conditions
Privacy & Cookie Policy
Company Reg 77165187
Tax NL860920306B01