Bug 2325340 (CVE-2024-52533)

Summary: CVE-2024-52533 glib: buffer overflow in set_connect_msg()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, dave.mcinnis, kshier, mcatanza, omaciel, prodsec-dev, shaising, stcannon, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---Flags: omaciel: needinfo-
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2325360, 2325361, 2325362    
Bug Blocks:    

Description OSIDB Bzimport 2024-11-11 23:01:12 UTC 
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Comment 2 David McInnis 2024-11-27 20:59:45 UTC 
RHEL 9 is in a "Will not fix" state according to CVE-2024-52533.

Can anyone explain the justification for not fixing for RHEL9?

Also, is there a link with additional Red Hat information beyond this bug and the CVE page?

Thanks,

-Dave
Comment 4 Alison Dudiak 2025-01-15 18:25:17 UTC 
I believe I have been incorrectly added to this ticket. Nothing to report.
Comment 5 errata-xmlrpc 2025-02-04 00:29:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0936 https://access.redhat.com/errata/RHSA-2025:0936
Comment 7 Michael Catanzaro 2025-04-14 16:56:16 UTC 
(In reply to David McInnis from comment #2)
> RHEL 9 is in a "Will not fix" state according to CVE-2024-52533.
> 
> Can anyone explain the justification for not fixing for RHEL9?

Hi, this is a very low-severity issue. Only affects you if (a) username component of URL is exactly 255 bytes, AND (b) hostname component of URL is also exactly 255 bytes. In the extremely unlikely event you're using a socks4a proxy with a URL that meets both of those conditions, or have decided to allow an attacker to specify which proxy URLs to use for some very strange reason, then the impact is a one byte out of bounds write that is not attacker-controlled (it will always be the trailing nul byte). Suffice to say CVSS scores do not always map well to actual risk, and I wouldn't worry about this one.

If I were analyzing this today, I would not have requested a CVE at all since the risk here is very low. Surely there are very many far more serious issues that never receive CVE IDs. However, it is an out of bounds write, so it is technically a vulnerability.

> Also, is there a link with additional Red Hat information beyond this bug
> and the CVE page?

See: https://gitlab.gnome.org/GNOME/glib/-/issues/3461
Comment 9 errata-xmlrpc 2025-07-14 08:31:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:10855 https://access.redhat.com/errata/RHSA-2025:10855
Comment 10 errata-xmlrpc 2025-07-15 13:16:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:11140 https://access.redhat.com/errata/RHSA-2025:11140
Comment 12 errata-xmlrpc 2025-07-16 14:05:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11327 https://access.redhat.com/errata/RHSA-2025:11327
Comment 15 errata-xmlrpc 2025-07-17 09:07:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:11373 https://access.redhat.com/errata/RHSA-2025:11373
Comment 16 errata-xmlrpc 2025-07-17 09:46:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11374 https://access.redhat.com/errata/RHSA-2025:11374
Comment 18 errata-xmlrpc 2025-07-30 09:22:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:12275 https://access.redhat.com/errata/RHSA-2025:12275
Comment 20 errata-xmlrpc 2025-08-07 06:31:31 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:13276 https://access.redhat.com/errata/RHSA-2025:13276
Comment 40 errata-xmlrpc 2025-09-02 01:39:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:14990 https://access.redhat.com/errata/RHSA-2025:14990
Comment 41 errata-xmlrpc 2025-09-02 02:05:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14989 https://access.redhat.com/errata/RHSA-2025:14989
Comment 42 errata-xmlrpc 2025-09-02 02:07:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:14991 https://access.redhat.com/errata/RHSA-2025:14991
Comment 43 errata-xmlrpc 2025-09-02 02:46:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:14988 https://access.redhat.com/errata/RHSA-2025:14988