Published: 04/09/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in GnuTLS prior to 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu gnutls
fedoraproject fedora 32
fedoraproject fedora 33
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu linux 20.04

Debian Bug report logs - #969547 gnutls28: CVE-2020-24659: GNUTLS-SA-2020-09-04 Package: src:gnutls28; Maintainer for src:gnutls28 is Debian GnuTLS Maintainers <pkg-gnutls-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 4 Sep 2020 18:39:02 UTC Severity: important Tags ...

Synopsis Moderate: gnutls security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for gnutls is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...

Synopsis Important: Red Hat Ceph Storage 42 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Ceph Storage 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Synopsis Moderate: Release of OpenShift Serverless 1120 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1120Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detaile ...

Synopsis Moderate: Red Hat Quay v333 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay v333 is now available with bug fixes and security updatesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-787 CWE-476 https://gitlab.com/gnutls/gnutls/-/issues/1071 https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 https://security.gentoo.org/glsa/202009-01 https://security.netapp.com/advisory/ntap-20200911-0006/https://usn.ubuntu.com/4491-1/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969547 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2020-24659

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect