CVE-2021-39358

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GNOME libgfbgraph versions prior to 0.2.5

Description: The issue is related to the lack of TLS certificate verification in the SoupSessionSync objects created by gfbgraph-photo.c, making users susceptible to network man-in-the-middle (MITM) attacks.

Recommendations: For versions prior to 0.2.5, update to version 0.2.5 or later to enable TLS certificate verification and prevent MITM attacks.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

ALSA-2022:1801

ALT-PU-2021-3165

ALT-PU-2021-3500

ALT-PU-2025-1472

CESA-2022_1801

CVE-2021-39358

INFSA-2022_1801

MGASA-2021-0530

OESA-2021-1434

OESA-2022-1937

OPENSUSE-SU-2022_2876-1

OPENSUSE-SU-2024:11608-1

RHSA-2022:1801

RHSA-2022_1801

RLSA-2022:1801

SUSE-SU-2022:2876-1

SUSE-SU-2022_2876-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Gnome Libgfbgraph

Red Hat

Rocky Linux

Suse

CVE-2021-39358

Weakness Enumeration

Related Identifiers

Affected Products

References · 34