Mageia 2020-0379: Critical GnuTLS Pointer Vulnerability Discovery

mageia

September 30, 2020

An issue was discovered in GnuTLS before 3.6.15

Summary

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure (CVE-2020-24659).

References

- https://bugs.mageia.org/show_bug.cgi?id=27257

- https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04

- https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html

- https://www.cve.org/CVERecord?id=CVE-2020-24659

Topics Covered

security advisory critical gnutls pointer dereference mageia handshake failure TLS client

Resolution

SRPMS

- 7/core/gnutls-3.6.15-1.mga7

Publication date: 30 Sep 2020

URL: https://advisories.mageia.org/MGASA-2020-0379.html

Type: security

CVE: CVE-2020-24659

Topics Covered

security advisory critical gnutls pointer dereference mageia handshake failure TLS client

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 2020-0379: Critical GnuTLS Pointer Vulnerability Discovery

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 2020-0379: Critical GnuTLS Pointer Vulnerability Discovery

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!