xeiaso.net
2a09:8280:1::42:7c31  Public Scan

URL: https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2024-2961/
Submission: On April 23 via manual from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


"NO WAY TO PREVENT THIS" SAY USERS OF ONLY LANGUAGE WHERE THIS REGULARLY HAPPENS

Published on 04/21/2024, 230 words, 1 minutes to read

A forlorn business man resting his head on a brown wall next to a window. -
Photo by Andrea Piacquadio, source: Pexels

In the hours following the release of CVE-2024-2961 for the project GNU glibc,
site reliability workers and systems administrators scrambled to desperately
rebuild and patch all their systems to fix a vulnerability when converting
strings to the ISO-2022-CN-EXT character set, which may be used to gain
arbitrary code execution or arbitrary memory corruption. This is due to the
affected components being written in C, the only programming language where
these vulnerabilities regularly happen. "This was a terrible tragedy, but
sometimes these things just happen and there's nothing anyone can do to stop
them," said programmer Miss Esmeralda Skiles, echoing statements expressed by
hundreds of thousands of programmers who use the only language where 90% of the
world's memory safety vulnerabilities have occurred in the last 50 years, and
whose projects are 20 times more likely to have security vulnerabilities. "It's
a shame, but what can we do? There really isn't anything we can do to prevent
memory safety vulnerabilities from happening if the programmer doesn't want to
write their code in a robust manner." At press time, users of the only
programming language in the world where these vulnerabilities regularly happen
once or twice per quarter for the last eight years were referring to themselves
and their situation as "helpless."

--------------------------------------------------------------------------------

Facts and circumstances may have changed since publication. Please contact me
before jumping to conclusions if something seems wrong or unclear.

Copyright 2012-2024 Xe Iaso (Christine Dodrill). Any and all opinions listed
here are my own and not representative of any of my employers, past, future,
and/or present.
