CVE-2024-52533

Published Nov 11, 2024

Last updated a year ago

CVSS critical 9.8

Overview

Description
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Source
cve@mitre.org
NVD status
Analyzed
Products
glib, debian_linux, active_iq_unified_manager, ontap_tools

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-120

Social media

Hype score
Not currently trending

  1. ⚠️Actualización de seguridad para componentes de Dell RecoverPoint ❗CVE-2024-52533 ❗CVE-2018-20060 ❗CVE-2024-56337 ➡️Más info: https://t.co/GIGMcViI5N https://t.co/uwtVX3NC5O

    @CERTpy

    2 Sept 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Vulnerability: CVE-2024-52533 affecting GitOnBorg::chromium::chromium::src https://t.co/RTghLBrDpX

    @BugsAggregator

    23 Jul 2025

    329 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [1/5] ⚠️A stack buffer overflow vulnerability, CVE-2024-52533, has recently been found in the gio module of GNOME’s GLib. Despite being marked as critical by CISA, our findings reveal that its exploitation in real-world scenarios would be highly unlikely 🧵

    @JFrogSecurity

    14 Nov 2024

    448 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  4. CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0… https://t.co/2DVJ0eSblU

    @CVEnew

    11 Nov 2024

    443 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

Configurations

Related CVEs

  1. Linux Kernel Incorrect Resource Transfer Between Spheres VulnerabilityCVE-2026-31431
  2. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.CVE-2026-34757
  3. A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.CVE-2026-4775
  4. An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.CVE-2026-1940
  5. AWStats 8.0 is vulnerable to Command Injection via the open functionCVE-2025-63261

References

Sources include official advisories and independent security research.