Bug 1790288 (CVE-2020-6750) - CVE-2020-6750 glib: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored
Alias: CVE-2020-6750
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1790289 1790866
Blocks: Embargoed1790291
Reported: 2020-01-13 02:59 UTC by Pedro Sampaio
Modified: 2021-02-16 20:46 UTC

Fixed In Version:
Doc Text:
Clone Of:
Last Closed: 2020-01-14 12:28:41 UTC


Description Pedro Sampaio 2020-01-13 02:59:35 UTC
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.

Upstream issue:




Comment 1 Pedro Sampaio 2020-01-13 03:00:05 UTC
Created mingw-glib2 tracking bugs for this issue:

Affects: epel-7 [bug 1790290]
Affects: fedora-all [bug 1790289]

Comment 2 Huzaifa S. Sidhpurwala 2020-01-14 12:22:10 UTC
Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1790866]

Comment 3 Huzaifa S. Sidhpurwala 2020-01-14 12:28:46 UTC

As per upstream, versions of glib2 before 2.60 are unaffected; therefore the glib2 package shipped with Red Hat Products is not affected by this flaw.

Comment 5 msiddiqu 2020-02-11 09:06:07 UTC
Upstream merge request:

