- Description
- gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-120
- Hype score
- Not currently trending
[1/5] ⚠️A stack buffer overflow vulnerability, CVE-2024-52533, has recently been found in the gio module of GNOME’s GLib. Despite being marked as critical by CISA, our findings reveal that its exploitation in real-world scenarios would be highly unlikely 🧵
@JFrogSecurity
14 Nov 2024
448 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
1 Quote
CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0… https://t.co/2DVJ0eSblU
@CVEnew
11 Nov 2024
443 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote