Skip to content

update: glib #1586

New issue
New issue
Closed
flatcar/scripts
#2614
Closed
update: glib#1586
flatcar/scripts
#2614
Labels
advisorysecurity advisorycvss/CRITICAL>= 9 assessed CVSSsecuritysecurity concerns
@dongsupark

Description

@dongsupark
dongsupark
opened on Nov 26, 2024

Name: glib
CVEs: CVE-2024-52533
CVSSs: 9.8
Action Needed: update to >= 2.82.1

Summary: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

See also https://seclists.org/oss-sec/2024/q4/90, https://bugzilla.redhat.com/show_bug.cgi?id=2325340.

refmap.gentoo: TBD

Metadata

Metadata

Assignees

No one assigned

    Labels

    advisorysecurity advisorycvss/CRITICAL>= 9 assessed CVSSsecuritysecurity concerns

    Type

    No type

    Projects

    Flatcar tactical, release planning, and roadmap

    Status

    Implemented

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions