Description
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
A flaw was found in the GLib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | glib2 | Not affected | | |
Red Hat Enterprise Linux 10 | mingw-glib2 | Not affected | | |
Red Hat Enterprise Linux 7 | glib2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | glib2 | Will not fix | | |
Red Hat Enterprise Linux 8 | mingw-glib2 | Will not fix | | |
Red Hat Enterprise Linux 9 | glib2 | Will not fix | | |
Red Hat Enterprise Linux 9 | mingw-glib2 | Fixed | RHSA-2025:0936 | 04.02.2025 |
Additional information
Status:
EPSS
7 High
CVSS3