CVE-2024-52533

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
gnomeglib
𝑥
< 2.82.1
debiandebian_linux
11.0
netappactive_iq_unified_manager
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bullseye
vulnerable
bullseye (security)
2.66.8-1+deb11u6
fixed
bookworm
2.74.6-2+deb12u7
fixed
bookworm (security)
vulnerable
trixie
2.84.4-3~deb13u1
fixed
forky
2.86.2-1
fixed
sid
2.86.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
questing
Fixed 2.82.1-0ubuntu1
released
plucky
Fixed 2.82.1-0ubuntu1
released
oracular
Fixed 2.82.1-0ubuntu1
released
noble
Fixed 2.80.0-6ubuntu3.2
released
jammy
Fixed 2.72.4-0ubuntu2.4
released
focal
Fixed 2.64.6-1~ubuntu20.04.8
released
bionic
Fixed 2.56.4-0ubuntu0.18.04.9+esm4
released
xenial
Fixed 2.48.2-0ubuntu4.8+esm4
released
trusty
needs-triage
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/glib/-/issues/3461
https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home
http://www.openwall.com/lists/oss-security/2024/11/12/11
https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html
https://security.netapp.com/advisory/ntap-20241206-0009/