CVE-2020-6750 — Improper Input Validation in GLib
Severity
5.9 MEDIUM (NVD)
EPSS
0.6%
top 30.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 9
Latest update: May 24
Description
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are una…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Vulnerability Details (3)
Vendor Advisories (3)
Microsoft
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so because the proxy_addr field is misha (2020-01-14)
Red Hat
Debian
CVE-2020-6750: glib2.0 - GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to ... (2020)
Community (4)
Bugzilla
CVE-2020-6750 glib2: glib: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored [fedora-all] (2020-01-14)
Bugzilla
CVE-2020-6750 glib: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored (2020-01-13)
Bugzilla
CVE-2020-6750 mingw-glib2: glib: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored [fedora-all] (2020-01-13)
Bugzilla
CVE-2020-6750 mingw-glib2: glib: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored [epel-7] (2020-01-13)