CVE-2020-13645

Published: May 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

FEDORA-2020-98ebbd1397 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-cadbc5992f (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-a83c8cd358 (vendor-advisory, x_refsource_FEDORA)
USN-4405-1 (vendor-advisory, x_refsource_UBUNTU)
GLSA-202007-50 (vendor-advisory, x_refsource_GENTOO)
