gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
The SOCKS4_CONN_MSG_LEN constant defines a buffer length that is too small — it does not account for space for the null terminating character ('\0'). When constructing a SOCKS4 connection message, the write extends one byte beyond the allocated memory area, resulting in a classic buffer overflow classified as CWE-120. An attacker can use this to overwrite adjacent memory areas of the process.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the vulnerable system, as well as compromise the confidentiality, integrity, and availability of data without requiring any special privileges.
GNOME GLib should be updated to version 2.82.1 or later. For Debian systems, patches announced in the debian-lts-announce bulletin from November 2024 should be applied. Users of NetApp products (Active IQ Unified Manager, ONTAP Tools) should follow vendor recommendations and implement available updates according to their references.
GNOME GLib versions before 2.82.1, as well as products based on this library: Debian Linux (including the LTS branch) and NetApp Active IQ Unified Manager and NetApp ONTAP Tools.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian11.0Gnome Glib
APPGnome< 2.82.1Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Ontap Tools
APPNetapp10
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki