Vulnerability Details CVE-2016-20011
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2016-20011
- cpe:2.3:a:gnome:libgrss:0.3
- cpe:2.3:a:gnome:libgrss:0.4
- cpe:2.3:a:gnome:libgrss:0.5
- cpe:2.3:a:gnome:libgrss:0.6
- cpe:2.3:a:gnome:libgrss:0.7.0