gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
RHEL 9 is in a "Will not fix" state according to CVE-2024-52533. Can anyone explain the justification for not fixing for RHEL9? Also, is there a link with additional Red Hat information beyond this bug and the CVE page? Thanks, -Dave
I believe I have been incorrectly added to this ticket. Nothing to report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:0936 https://access.redhat.com/errata/RHSA-2025:0936
(In reply to David McInnis from comment #2) > RHEL 9 is in a "Will not fix" state according to CVE-2024-52533. > > Can anyone explain the justification for not fixing for RHEL9? Hi, this is a very low-severity issue. Only affects you if (a) username component of URL is exactly 255 bytes, AND (b) hostname component of URL is also exactly 255 bytes. In the extremely unlikely event you're using a socks4a proxy with a URL that meets both of those conditions, or have decided to allow an attacker to specify which proxy URLs to use for some very strange reason, then the impact is a one byte out of bounds write that is not attacker-controlled (it will always be the trailing nul byte). Suffice to say CVSS scores do not always map well to actual risk, and I wouldn't worry about this one. If I were analyzing this today, I would not have requested a CVE at all since the risk here is very low. Surely there are very many far more serious issues that never receive CVE IDs. However, it is an out of bounds write, so it is technically a vulnerability. > Also, is there a link with additional Red Hat information beyond this bug > and the CVE page? See: https://gitlab.gnome.org/GNOME/glib/-/issues/3461