CVE
CVE-2024-52533
| CVE ID | CVE-2024-52533 |
|---|---|
| CVSS Score | NA |
| Operating System | |
| Affected Versions | CentOS 8 |
| Patched Versions | glib2-2.56.4-156_ol001.el8 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
SOCKS4_CONN_MSG_LEN failed to account for the length of the final null byte in the connect message, which is an addition in SOCKSv4a.
This means that the buffer for building and transmitting the connect message could overflow if the username and hostname are both SOCKS4_MAX_LEN (255) bytes long.
Proxy configurations are normally statically configured, so the username is unlikely to be near its maximum length, and hence this overflow is unlikely to be triggered in practice.
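
The length arithmetic behind the summary above, as an added example (not GLib's source and not the vendor's patch): it lays out the SOCKSv4a connect message field by field, compares a buffer size that omits the final null byte with one that counts it, and builds the message with an explicit bounds check. Every name other than `SOCKS4_MAX_LEN` is hypothetical, and the worst-case input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS4_MAX_LEN 255 /* per-field limit named in the advisory */
#define HDR_LEN 8          /* VN(1) + CD(1) + DSTPORT(2) + DSTIP(4) */
/* Hypothetical sizes: one forgets the NUL after the hostname, one counts it. */
#define CONN_MSG_LEN_SHORT (HDR_LEN + SOCKS4_MAX_LEN + 1 + SOCKS4_MAX_LEN)
#define CONN_MSG_LEN_FULL  (CONN_MSG_LEN_SHORT + 1)

/* Bytes a SOCKSv4a connect message needs for the given field lengths. */
size_t socks4a_needed(size_t user_len, size_t host_len)
{
    return HDR_LEN + user_len + 1 + host_len + 1;
}

/* Build the message in buf. Returns bytes written, or 0 if a field exceeds
 * SOCKS4_MAX_LEN or the message does not fit in cap. Never writes past cap. */
size_t socks4a_build(uint8_t *buf, size_t cap, uint16_t port,
                     const char *user, const char *host)
{
    size_t ul = strlen(user), hl = strlen(host), n = 0;

    if (ul > SOCKS4_MAX_LEN || hl > SOCKS4_MAX_LEN ||
        socks4a_needed(ul, hl) > cap)
        return 0;
    buf[n++] = 4;                       /* VN: protocol version 4 */
    buf[n++] = 1;                       /* CD: CONNECT */
    buf[n++] = (uint8_t)(port >> 8);    /* DSTPORT, network byte order */
    buf[n++] = (uint8_t)(port & 0xff);
    buf[n++] = 0; buf[n++] = 0; buf[n++] = 0;
    buf[n++] = 1;                       /* DSTIP 0.0.0.1: hostname follows */
    memcpy(buf + n, user, ul + 1); n += ul + 1; /* USERID + NUL */
    memcpy(buf + n, host, hl + 1); n += hl + 1; /* HOST + NUL (SOCKSv4a) */
    return n;
}

/* Constructed worst case: username and hostname both SOCKS4_MAX_LEN long. */
size_t worst_case_with_cap(size_t cap)
{
    char user[SOCKS4_MAX_LEN + 1], host[SOCKS4_MAX_LEN + 1];
    uint8_t buf[CONN_MSG_LEN_FULL];

    memset(user, 'u', SOCKS4_MAX_LEN); user[SOCKS4_MAX_LEN] = '\0';
    memset(host, 'h', SOCKS4_MAX_LEN); host[SOCKS4_MAX_LEN] = '\0';
    return socks4a_build(buf, cap, 443, user, host);
}
```

With both fields at 255 bytes the message needs 520 bytes, so the builder refuses a 519-byte capacity and succeeds with 520; a builder without that check would write the hostname terminator one byte past the shorter buffer.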