CVE-2024-52533

CWE-120Classic Buffer OverflowCWE-1938 documents8 sources
Severity
9.8CRITICAL
EPSS
3.1%
top 13.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Gnome GlibDebian Debian LinuxNetapp Ontap Tools
Timeline
PublishedNov 11
Latest updateNov 18

Description

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDgnome/glib< 2.82.1
Debianglib2.0< 2.66.8-1+deb11u5+3

Also affects: Ontap Tools 10, Debian Linux 11.0

🔴Vulnerability Details

3
GHSA
GHSA-5rq6-q8gw-qqpr: gio/gsocks4aproxy2024-11-12
CVEList
CVE-2024-52533: gio/gsocks4aproxy2024-11-11
OSV
CVE-2024-52533: gio/gsocks4aproxy2024-11-11

📋Vendor Advisories

4
Ubuntu
GLib vulnerability2024-11-18
Microsoft
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.2024-11-12
Red Hat
glib: buffer overflow in set_connect_msg()2024-11-11
Debian
CVE-2024-52533: glib2.0 - gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resu...2024
CVE-2024-52533 (CRITICAL CVSS 9.8) | gio/gsocks4aproxy.c in GNOME GLib b | cvebase.io