CVE-2016-20011
HIGH
libgrss < 0.7.0 - Improper Certificate Validation via SoupSessionSync
Description
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=772647
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (1)
gnome/libgrss
< 0.7.0
Published
May 25, 2021
Tracked Since
Feb 18, 2026