Unrated severity · NVD Advisory · Published Aug 22, 2021 · Updated Aug 4, 2024
CVE-2021-39365
Description
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Affected products
- GNOME/grilo
- Range: <=0.3.13
- OSV package coordinates (22 versions, no CPE):
  - pkg:rpm/almalinux/grilo, range: < 0.3.6-3.el8
  - pkg:rpm/almalinux/grilo-devel, range: < 0.3.6-3.el8
  - pkg:rpm/opensuse/grilo&distro=openSUSE%20Leap%2015.2, range: < 0.3.12-lp152.2.3.1
  - pkg:rpm/opensuse/grilo&distro=openSUSE%20Leap%2015.3, range: < 0.3.12-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Enterprise%20Storage%206, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2, range: < 0.3.12-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3, range: < 0.3.12-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 0.3.2-7.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 0.3.2-7.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 0.3.4-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 0.3.2-7.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5, range: < 0.3.2-7.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2, range: < 0.3.12-3.3.1
  - pkg:rpm/suse/grilo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3, range: < 0.3.12-3.3.1
References
- www.debian.org/security/2021/dsa-4964 (mitre, vendor-advisory, x_refsource_DEBIAN)
- blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/grilo/-/issues/146 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2021/09/msg00010.html (mitre, mailing-list, x_refsource_MLIST)