CVE-2024-52533

9.8 CRITICAL

📋 TL;DR

This vulnerability is a buffer overflow in GLib's SOCKS4 proxy implementation due to an off-by-one error. It allows attackers to execute arbitrary code or cause denial of service by sending specially crafted SOCKS4 proxy requests. Systems using GLib versions before 2.82.1 with SOCKS4 proxy functionality are affected.

💻 Affected Systems

Products:
  • GNOME GLib
  • Applications using GLib SOCKS4 proxy functionality
Versions: GLib versions before 2.82.1
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when SOCKS4 proxy functionality is enabled and used. Many applications may not use this feature by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full system compromise leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Denial of service through application crashes, with potential for limited code execution depending on memory layout and exploit sophistication.

🟢

If Mitigated

Application crash without code execution if exploit attempts fail or memory protections are effective.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious SOCKS4 requests to vulnerable applications. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GLib 2.82.1

Vendor Advisory: https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1

Restart Required: Yes

Instructions:

1. Update GLib to version 2.82.1 or later using your distribution's package manager.
2. Restart affected applications.
3. For source installations: download from gitlab.gnome.org, compile, and install.

🔧 Temporary Workarounds

Disable SOCKS4 proxy

linux

Disable SOCKS4 proxy functionality in applications using GLib

Check application documentation for SOCKS4 proxy configuration

Network filtering

linux

Block SOCKS4 proxy connections at network perimeter

iptables -A INPUT -p tcp --dport 1080 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy application-level firewalls to monitor and block suspicious SOCKS4 traffic

🔍 How to Verify

Check if Vulnerable:

Check GLib version with: pkg-config --modversion glib-2.0

Check Version:

pkg-config --modversion glib-2.0

Verify Fix Applied:

Verify version is 2.82.1 or higher: pkg-config --atleast-version=2.82.1 glib-2.0 && echo "2.82.1 or later"
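
For version strings collected from a package inventory rather than read from a local pkg-config, a field-by-field numeric comparison against 2.82.1 handles multi-digit components such as 2.82.10 or 2.100.0 correctly. This is an added example, not part of the original advisory or of GLib; the function names and inventory lines are constructed for illustration. Strings carrying a distribution revision suffix are reported as unknown, because a backported fix cannot be inferred from the upstream number.

```shell
#!/bin/sh
# Added example: classify GLib version strings against the fixed release
# named on this page. Function names are illustrative.
FIXED_VERSION="2.82.1"

# version_ge A B: return 0 if A >= B, 1 if A < B.
# Dot-separated fields are compared as integers; missing fields count as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read from each string.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# glib_status VERSION: print patched, vulnerable, or unknown.
# Empty input or anything other than digits and dots is "unknown",
# so an unparseable string is never reported as patched.
glib_status() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    if [ "$rc" -eq 0 ]; then echo patched; else echo vulnerable; fi
}

# Constructed inventory lines ("host version"); not real hosts.
sample_inventory() {
    printf '%s\n' 'web01 2.80.4' 'web02 2.82.1' 'build01 2.100.0' \
        'legacy01 2.9.5' 'dev01 2.80.0-6distro1'
}

# report: one "host version status" line per inventory entry.
report() {
    sample_inventory | while read -r host ver; do
        echo "$host $ver $(glib_status "$ver")"
    done
}

report
```

Hosts reported as unknown need checking against the distribution's own security advisory rather than the upstream version number.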

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual SOCKS4 connection attempts

Network Indicators:

  • Malformed SOCKS4 protocol traffic
  • Connection attempts to SOCKS4 proxy ports

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "buffer overflow") AND process="*glib*"
