CVE-2020-13645

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13645
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13645.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13645
Published
2020-05-28T12:15:11Z
Modified
2024-12-04T07:49:29.965201Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This contrasts with its documented intended behavior, which is to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

Affected packages

Debian:11 / glib-networking

Package

Name
glib-networking
Purl
pkg:deb/debian/glib-networking?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.64.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / glib-networking

Package

Name
glib-networking
Purl
pkg:deb/debian/glib-networking?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.64.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glib-networking

Package

Name
glib-networking
Purl
pkg:deb/debian/glib-networking?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.64.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/glib-networking

Affected ranges

Type
GIT
Repo
https://github.com/gnome/glib-networking
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.gnome.org/GNOME/balsa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.25.0
2.26.0
2.27.4
2.27.5
2.27.90
2.28.0
2.28.4
2.28.5
2.28.6
2.29.15
2.29.18
2.29.9
2.29.92
2.31.0
2.31.16
2.31.2
2.31.20
2.31.22
2.31.6
2.32.0
2.32.1
2.33.10
2.33.12
2.33.14
2.33.14.1
2.33.2
2.34
2.35.1
2.35.3
2.35.4
2.35.6
2.35.8
2.35.9
2.36.0
2.37.1
2.37.2
2.37.4
2.37.5
2.38.0
2.38.1
2.39.1
2.39.3
2.39.90
2.4.90
2.4.91
2.40.0
2.41.3
2.41.4
2.41.92
2.42.0
2.43.1
2.43.91
2.43.92
2.44.0
2.45.1
2.46.0
2.47.1
2.48.0
2.48.1
2.48.2
2.49.90
2.5.0
2.5.0a
2.5.1
2.5.10
2.5.2
2.5.3a
2.5.4
2.5.5
2.5.6
2.5.7a
2.5.8
2.5.9
2.50.0
2.53.90
2.54.0
2.55.1
2.55.2
2.55.90
2.57.1
2.57.2
2.57.3
2.57.90
2.57.92
2.58.0
2.59.1
2.59.2
2.59.90
2.59.91
2.59.92
2.60.0
2.60.0.1
2.60.1
2.60.2
2.61.1
2.61.2
2.61.90
2.61.92
2.62.0
2.62.1
2.62.2
2.62.3

Other

BALSA_1_0_0
BALSA_1_1_0
BALSA_1_1_1
BALSA_1_1_2
BALSA_1_1_4
BALSA_1_1_7
BALSA_1_2_0
BALSA_1_2_2
BALSA_1_2_pre2
BALSA_1_3_0
BALSA_1_3_3
BALSA_1_3_4
BALSA_1_3_5
BALSA_1_3_6
BALSA_1_4_0
BALSA_1_4_1
BALSA_2_0_13
BALSA_2_0_8
BALSA_2_0_9
BALSA_2_1_1
BALSA_2_1_2
BALSA_2_1_3
BALSA_2_1_91
BALSA_2_2_1
BALSA_2_2_2
BALSA_2_2_4
BALSA_2_2_5
BALSA_2_2_6
BALSA_2_3_0
BALSA_2_3_1
BALSA_2_3_10
BALSA_2_3_12
BALSA_2_3_13
BALSA_2_3_15
BALSA_2_3_19
BALSA_2_3_2
BALSA_2_3_20
BALSA_2_3_24
BALSA_2_3_26
BALSA_2_3_3
BALSA_2_3_4
BALSA_2_3_5
BALSA_2_3_7
BALSA_2_3_8
GNOME0
GNOME_MEDIA_1_2_2
GNOME_PRINT_0_24
WITHXMHTML
balsa-0-8
balsa-0-9-5
balsa-0_6_0
before-new-toolbars
dev_0_9_1
initial-BALSA-CONFIG
release_tag

glib-2.*

glib-2.33.3