CVE-2024-52533
CRITICAL
Gnome Glib < 2.82.1 - Buffer Overflow
Title source: ruleDescription
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Scores
CVSS v3: 9.8
EPSS: 0.0309
EPSS Percentile: 86.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE: CWE-120
Status: published
Affected Products (4)
gnome/glib < 2.82.1
debian/debian_linux
netapp/active_iq_unified_manager
netapp/ontap_tools
Timeline
Published: Nov 11, 2024
Tracked Since: Feb 18, 2026