Fluid Attacks Database

Description

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glib2.0	>=0 <2.82.1-1	2.82.1-1
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| >=0 <2.66.8-1+deb11u5	2.66.8-1+deb11u5
debian 14	glib2.0	>=0 <2.82.1-1	2.82.1-1
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| >=0 <2.74.6-2+deb12u5	2.74.6-2+deb12u5
rpm rhel9.4	glib2	<0:2.68.4-14.el9_4.3	0:2.68.4-14.el9_4.3
rpm rhel8.4	glib2	<0:2.56.4-10.el8_4.2	0:2.56.4-10.el8_4.2
rpm rhel8	glib2	<0:2.56.4-166.el8_10	0:2.56.4-166.el8_10
rpm rhel7	glib2	-	-
rpm rhel10	glib2	<0:2.80.4-4.el10_0.6	0:2.80.4-4.el10_0.6
rpm rhel9	mingw-glib2	<0:2.78.6-2.el9	0:2.78.6-2.el9

1-10 of 12

Aliases

1. CVE-2024-525332. NVD-2024-525333. OSV-DEBIAN-2024-525334. OSV-2024-525335. SECURITY-TRACKER-CVE-2024-52533

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.