CVE-2020-24659
Summary
| CVE | CVE-2020-24659 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-04 15:15:00 UTC |
| Updated | 2023-11-07 03:20:00 UTC |
| Description | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. |
Risk And Classification
Problem Types: CWE-787 | CWE-476
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Application | Gnu | Gnutls | All | All | All | All |
| Application | Gnu | Gnutls | All | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 33 Update: mingw-gnutls-3.6.15-1.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| GnuTLS | MISC | www.gnutls.org | Vendor Advisory |
| [SECURITY] Fedora 32 Update: mingw-gnutls-3.6.15-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| GnuTLS: Denial of service (GLSA 202009-01) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| USN-4491-1: GnuTLS vulnerability | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| CVE-2020-24659 GnuTLS Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 32 Update: mingw-gnutls-3.6.15-1.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2020:1743-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 33 Update: mingw-gnutls-3.6.15-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [security-announce] openSUSE-SU-2020:1724-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| CVE-2020-24659: read-heap-buffer-overflow found by fuzz (#1071) · Issues · gnutls / GnuTLS · GitLab | MISC | gitlab.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296070 Oracle Solaris 11.4 Support Repository Update (SRU) 28.82.3 Missing (CPUOCT2020)
- 377363 Alibaba Cloud Linux Security Update for gnutls (ALINUX3-SA-2021:0008)
- 500234 Alpine Linux Security Update for gnutls
- 500362 Alpine Linux Security Update for gnutls
- 503980 Alpine Linux Security Update for gnutls
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 690514 Free Berkeley Software Distribution (FreeBSD) Security Update for gnutls (2272e6f1-f029-11ea-838a-0011d823eebd)
- 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
- 900113 CBL-Mariner Linux Security Update for gnutls 3.6.14
- 901708 Common Base Linux Mariner (CBL-Mariner) Security Update for gnutls (6445-1)
- 902834 Common Base Linux Mariner (CBL-Mariner) Security Update for gnutls (2201)
- 940380 AlmaLinux Security Update for gnutls (ALSA-2020:5483)