CVE-2020-6750 — Vulnetix

CVE-2020-6750 REJECTED

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.

EPSS 0.58% · 69.4th percentile

Risk Scores

EPSS Score

0.58%

69.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	glib2.0	0, 2.62.1-1, 2.63.1-2
Ubuntu:16.04:LTS	glib2.0	0, 2.46.1-1, 2.47.1-1
Ubuntu:18.04:LTS	glib2.0	2.54.1-1ubuntu1, 0, 2.55.2-2ubuntu1

Exploit Intelligence

https://bugzilla.suse.com/show_bug.cgi?id=1160668 (circl)
https://security.netapp.com/advisory/ntap-20200127-0001/ (circl)
FEDORA-2020-339d413324 (circl)
FEDORA-2020-c101a316ab (circl)
FEDORA-2020-092ef6572a (circl)
https://gitlab.gnome.org/GNOME/glib/issues/1989 (nist-nvd)

Timeline

Jan 9, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Jul 21, 2021 CVE Updated
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-6750 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-6750 third-party-advisory

Open in Interactive Console →