CVE-2016-20011

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
References
Link Resource
https://bugzilla.gnome.org/show_bug.cgi?id=772647 Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch Mailing List Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:libgrss:*:*:*:*:*:*:*:*

History

09 Jun 2021, 15:03

Type Values Removed Values Added
References (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch - (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch - Mailing List, Patch, Vendor Advisory

08 Jun 2021, 14:15

Type Values Removed Values Added
References
  • (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch -

01 Jun 2021, 17:03

Type Values Removed Values Added
CWE CWE-295
References (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 - (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 - Issue Tracking, Vendor Advisory
References (MISC) https://bugzilla.gnome.org/show_bug.cgi?id=772647 - (MISC) https://bugzilla.gnome.org/show_bug.cgi?id=772647 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:gnome:libgrss:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

25 May 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-25 21:15

Updated : 2023-12-10 13:55


NVD link : CVE-2016-20011

Mitre link : CVE-2016-20011

CVE.ORG link : CVE-2016-20011


JSON object : View

Products Affected

gnome

  • libgrss
CWE
CWE-295

Improper Certificate Validation