CVE-2020-6750

Name
CVE-2020-6750
Description
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://gitlab.gnome.org/GNOME/glib/issues/1989
Third Party Advisory https://bugzilla.suse.com/show_bug.cgi?id=1160668
CONFIRM https://security.netapp.com/advisory/ntap-20200127-0001/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* glib >= 2.60.0 <= 2.62.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
glib 3.10-main 2.60.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable