I wonder if GLIBC-SA-2024-0004 / CVE-2024-2961 "iconv() out-of-bound writes when writing escape sequence" might allow exploitation in some setuid binaries. Being limited to fixed values '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H' for the overwrite does place fairly significant limitations, however. I believe it would have to be very specific scenario to be exploitable (maybe affecting code flow by setting some variable to nonzero)
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 #GLIBCSA20240004 #CVE20242961 #vulnerability #infosec #cybersecurity