VDB
CVE-2016-20011
CVE-2016-20011
PUBLISHED
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
EPSS 0.84% · 75.0th percentile
Risk Scores
EPSS Score
0.84%
75.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libgrss | 0.5.0-3, 0.7.0-1, 0.7.0-2 |
| Ubuntu:22.04:LTS | libgrss | 0.7.0-2, 0 |
| Ubuntu:20.04:LTS | libgrss | 0.7.0-2, 0 |
| Ubuntu:18.04:LTS | libgrss | 0, 0.7.0-2 |
| Ubuntu:24.04:LTS | libgrss | 0, 0.7.0-2.1build1, 0.7.0-2 |
Timeline
- May 25, 2021 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- May 24, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-20011 third-party-advisory
- https://bugzilla.gnome.org/show_bug.cgi?id=772647 third-party-advisory
- https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-20011 third-party-advisory