CVE-2020-24659

Опубликовано: 04 сент. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	released	3.6.13-4ubuntu5
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code not present
esm-infra/focal	released	3.6.13-2ubuntu1.3
esm-infra/xenial	not-affected	code not present
focal	released	3.6.13-2ubuntu1.3
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-24659

CVSS3: 7.5

redhat

больше 5 лет назад

CVE-2020-24659

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2020-24659

CVSS3: 7.5

msrc

больше 5 лет назад

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.

CVE-2020-24659

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...

openSUSE-SU-2020:1743-1

suse-cvrf

больше 5 лет назад

Security update for gnutls

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-24659

Описание

Пакет gnutls28

Ссылки на источники

Связанные уязвимости