CVE-2024-52533

Public on 2024-11-11

Modified on 2024-11-15

Description

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Severity

Medium

CVSS v3 Base Score

4.9

See breakdown

Affected Packages

Platform	Package	Status
Amazon Linux 1	glib2	No Fix Planned
Amazon Linux 2 - Core	glib2	Pending Fix
Amazon Linux 2023	glib2	Pending Fix

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	4.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
NVD	CVSSv3	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2024-52533 Mitre: CVE-2024-52533