Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Related bugs and status

CVE-2020-24659 (Candidate) is related to these bugs:

Bug #1893924: memory leak in GnuTLS iov operations used by Samba

		In	Importance	Status
1893924	memory leak in GnuTLS iov operations used by Samba	gnutls28 (Ubuntu)	High	Fix Released
1893924	memory leak in GnuTLS iov operations used by Samba	Gnutls	Unknown	Unknown
1893924	memory leak in GnuTLS iov operations used by Samba	gnutls28 (Debian)	Unknown	Fix Released
1893924	memory leak in GnuTLS iov operations used by Samba	gnutls28 (Ubuntu Groovy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://gitlab.com/gnu...
MISC: https://www.gnutls.org...
GENTOO: GLSA-202009-01
CONFIRM: https://security.netap...
FEDORA: FEDORA-2020-0ab6656303
UBUNTU: USN-4491-1
FEDORA: FEDORA-2020-de51ee7cc9
SUSE: openSUSE-SU-2020:1724
SUSE: openSUSE-SU-2020:1743