Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-39358

Опубликовано: 22 авг. 2021
Источник: debian
EPSS Низкий

Описание

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gfbgraphfixed0.2.5-1package
gfbgraphno-dsabullseyepackage
gfbgraphno-dsabusterpackage
gfbgraphpostponedstretchpackage

Примечания

  • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/

  • https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17

EPSS

Процентиль: 55%
0.00331
Низкий

Связанные уязвимости

CVSS3: 5.9
ubuntu
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS3: 7.5
redhat
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS3: 5.9
nvd
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

suse-cvrf
почти 3 года назад

Security update for gfbgraph

rocky
около 3 лет назад

Moderate: gfbgraph security update

EPSS

Процентиль: 55%
0.00331
Низкий