CVE-2024-52533

Опубликовано: 11 нояб. 2024

Источник: redhat

CVSS3: 7

Описание

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	mingw-glib2	Not affected
Red Hat Enterprise Linux 7	glib2	Out of support scope
Red Hat Enterprise Linux 8	mingw-glib2	Will not fix
Red Hat Enterprise Linux 10	glib2	Fixed	RHSA-2025:10855	14.07.2025
Red Hat Enterprise Linux 8	glib2	Fixed	RHSA-2025:11327	16.07.2025
Red Hat Enterprise Linux 9	glib2	Fixed	RHSA-2025:11140	15.07.2025
Red Hat Enterprise Linux 9	mingw-glib2	Fixed	RHSA-2025:0936	04.02.2025
Red Hat Enterprise Linux 9	glib2	Fixed	RHSA-2025:11140	15.07.2025
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	glib2	Fixed	RHSA-2025:11373	17.07.2025
Red Hat Enterprise Linux 9.4 Extended Update Support	glib2	Fixed	RHSA-2025:11374	17.07.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-193

https://bugzilla.redhat.com/show_bug.cgi?id=2325340glib: buffer overflow in set_connect_msg()

7 High

CVSS3

Связанные уязвимости

CVE-2024-52533

CVSS3: 9.8

ubuntu

9 месяцев назад

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVE-2024-52533

CVSS3: 9.8

nvd

9 месяцев назад

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.