CVE-2021-39358

Published: 22/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

In GNOME libgfbgraph up to and including 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Vulnerable Product

gnome libgfbgraph

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Synopsis: Moderate: gfbgraph security update. Type/Severity: Security Advisory: Moderate. Topic: An update for gfbgraph is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a ...
Debian Bug report logs - #993537 gfbgraph: CVE-2021-39358. Package: src:gfbgraph; Maintainer for src:gfbgraph is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Sep 2021 19:57:02 UTC; Severity: important; Tags: security, upstre ...
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011 ...