Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glib-networking | unfixed | package |
Примечания
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/228
OpenSSL backend disabled by default upstream and in Debian
Связанные уязвимости
CVSS3: 5.4
redhat
около 1 месяца назад
A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory.