Описание
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.56.4-0ubuntu0.18.04.4 |
| devel | not-affected | 2.64.1-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 2.56.4-0ubuntu0.18.04.4 |
| esm-infra/focal | not-affected | 2.64.1-1 |
| esm-infra/xenial | not-affected | 2.48.2-0ubuntu4.4 |
| focal | not-affected | 2.64.1-1 |
| precise/esm | not-affected |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3