CVE-2024-52533

Опубликовано: 11 нояб. 2024

Источник: debian

EPSS Низкий

Описание

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
glib2.0	fixed	2.82.1-1		package
glib2.0	fixed	2.74.6-2+deb12u5	bookworm	package

Примечания

https://gitlab.gnome.org/GNOME/glib/-/issues/3461
https://gitlab.gnome.org/GNOME/glib/-/commit/25833cefda24c60af913d6f2d532b5afd608b821 (main)
https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 (2.82.1)

EPSS

Процентиль: 71%

0.00719

Низкий

Связанные уязвимости

CVE-2024-52533

CVSS3: 9.8

ubuntu

7 месяцев назад

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVE-2024-52533

CVSS3: 7

redhat

8 месяцев назад

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVE-2024-52533

CVSS3: 9.8

nvd

7 месяцев назад

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVE-2024-52533

CVSS3: 9.8

msrc

7 месяцев назад

Описание отсутствует

SUSE-SU-2024:4254-1

suse-cvrf

7 месяцев назад

Security update for glib2

EPSS

Процентиль: 71%

0.00719

Низкий