PT-2020-6565 · Gnutls+7

Published

2020-08-20

·

Updated

2023-02-27

·

CVE-2020-24659

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.6.15
Description: GnuTLS before 3.6.15 contains a NULL pointer dereference in its TLS 1.3 client code that can be abused for denial of service; it is not a buffer overflow. A malicious server (or an attacker in a position to impersonate one) triggers it by sending a no_renegotiation alert with unexpected timing and then starting an invalid second handshake. The client application then crashes in the library's error-handling path, where gnutls_deinit is called after the handshake failure is detected. Only availability is affected (CVSS C:N/I:N/A:H): the flaw does not allow code execution or data disclosure.
Recommendations: For versions prior to 3.6.15, update to version 3.6.15 or later (or to a distribution package carrying the backported fix, see the related advisory identifiers below). As a temporary workaround, consider disabling TLS 1.3 in affected clients, for example through the GnuTLS priority string, until the update is applied.
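Triage check, added here as an example and not part of the original advisory: a POSIX shell helper that decides whether a reported GnuTLS version string falls in the affected range for CVE-2020-24659 (upstream versions before 3.6.15). The version strings passed to it below are constructed sample inputs; the threshold 3.6.15 comes from the advisory itself.

```shell
#!/bin/sh
# Added example for the PT-2020-6565 / CVE-2020-24659 entry (not GnuTLS code).
# Compares dotted version strings and flags GnuTLS < 3.6.15 as affected.

# vercmp A B: prints -1, 0 or 1 as A is older than, equal to or newer than B.
# Missing components count as 0 (3.6 == 3.6.0); a trailing non-numeric
# suffix on a component (15rc1) is ignored for the comparison.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # drop rc/alpha suffixes
        : "${ai:=0}"; : "${bi:=0}"                  # absent component -> 0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    printf '%s\n' 0
}

# gnutls_affected VERSION: succeeds (exit 0) when VERSION is an upstream
# GnuTLS release older than 3.6.15, the fixed version named in the advisory.
# A distro release suffix such as "3.6.13-2ubuntu1.3" is stripped first,
# so for distribution packages this is an upper bound: backported fixes
# (USN-4491-1, RHSA-2020:5483, ...) keep the old upstream number.
gnutls_affected() {
    v="${1%%-*}"
    [ "$(vercmp "$v" 3.6.15)" -lt 0 ]
}

# Report the version of the locally installed library, if pkg-config knows it.
# Constructed usage: on a patched distro package, cross-check the package
# changelog or the related advisory IDs instead of trusting this alone.
installed_gnutls_version() {
    pkg-config --modversion gnutls 2>/dev/null
}

if v="$(installed_gnutls_version)" && [ -n "$v" ]; then
    if gnutls_affected "$v"; then
        echo "GnuTLS $v: upstream version is in the affected range (< 3.6.15)"
    else
        echo "GnuTLS $v: not affected by CVE-2020-24659"
    fi
fi
```

The workaround named in the recommendation can be tested from the same shell with the GnuTLS command-line client, e.g. `gnutls-cli --priority 'NORMAL:-VERS-TLS1.3' host`, which removes TLS 1.3 from the negotiated versions so the vulnerable client path is not reached; the price is falling back to TLS 1.2 until the library is updated.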

Exploit

Fix

Weakness Enumeration

Memory Corruption

NULL Pointer Dereference

Related Identifiers

ALT-PU-2020-2749
ALT-PU-2020-2779
AZL-6445
BDU:2022-00225
CESA-2020:5483
CVE-2020-24659
MGASA-2020-0379
OESA-2021-1046
OPENSUSE-SU-2020:1724-1
OPENSUSE-SU-2020:1743-1
RHSA-2020:5483
SUSE-SU-2020:2864-1
SUSE-SU-2020:2864-2
SUSE-SU-2020:2988-1
USN-4491-1

Affected Products

ALT Linux
Astra Linux
CentOS
GnuTLS
Linux Mint
Red Hat
SUSE
Ubuntu