Unrated severity · NVD Advisory · Published Aug 22, 2021 · Updated Aug 4, 2024
CVE-2021-39358
Description
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Affected products (6)
- GNOME/libgfbgraph (source: description)
  - Range: <=0.2.4
- osv-coords (4 versions)
  - pkg:rpm/almalinux/gfbgraph
  - pkg:rpm/opensuse/gfbgraph&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/suse/gfbgraph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3
  - pkg:rpm/suse/gfbgraph&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3
- (no CPE) range: < 0.2.4-1.el8
- (no CPE) range: < 0.2.3-150000.3.5.1
- (no CPE) range: < 0.2.3-150000.3.5.1
- (no CPE) range: < 0.2.3-150000.3.5.1
References (5)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRCVZUNPTNFQQQCEZVP7RYY6OKHPDBC5/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYI47UX6S5PAOWVWQ2KID64MCTXTH7SE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXXAF56BYLSES4UCLXKFCODZXTNAZ2G6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17 (mitre, x_refsource_MISC)