← Back

Glib Networking

glib-networking

Vendor: Gnome • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13645
5Broadcom
CanonicalFedoraproject+2 more
6Balsa
Cloud BackupFabric Operating System+3 more
Nov 21, 2024
May 28, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in...Show more
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.Show less