PT-2024-9111 · Gnome+9 · Gnome Glib+9
Alan Coopersmith
·
Published
2024-11-11
·
Updated
2026-03-29
·
CVE-2024-52533
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
GNOME GLib versions prior to 2.82.1
Description:
The issue is related to an off-by-one error and resultant buffer overflow in the
gio/gsocks4aproxy.c component of GNOME GLib. This occurs because SOCKS4 CONN MSG LEN is not sufficient for a trailing 0 character. The vulnerability is associated with uncontrolled copying of input data, which could allow a remote attacker to cause a denial of service. Despite being marked as critical, exploitation of this issue in real-world scenarios is considered highly unlikely.Recommendations:
For GNOME GLib versions prior to 2.82.1, update to version 2.82.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable
gio/gsocks4aproxy.c component until a patch is applied. Avoid using the SOCKS4 CONN MSG LEN variable in affected API endpoints until the issue is resolved.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Gnome Glib
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu