VDB

GCVE-110-MAGEIA-2020-390

GCVE-110-MAGEIA-2020-390
Advisory Published
Vulnetix · Advisory published October 21, 2020
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)

Affected Products

VendorProductVersionsPlatforms
Mageiageary0 (affected), 3.32.1-1.1.mga7 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›