CVE-2024-52533
published 2024-11-11
critical 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | glib2.0 | < glib2.0 2.74.6-2+deb12u5 (bookworm) | glib2.0 2.74.6-2+deb12u5 (bookworm) |
| gnome | glib | < 2.82.1 | 2.82.1 |
| msrc | azl3_glib_2.78.1-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_glib_2.78.6-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_glib_2.71.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_glib_2.71.0-4_on_cbl_mariner_2.0 | — | — |
| netapp | ontap_tools | — | — |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL