CVE-2020-24586
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-24586
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24586.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-24586
- Related
- Published
- 2021-05-11T20:15:08Z
- Modified
- 2024-09-18T03:08:59.170003Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
- References
-
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://security-tracker.debian.org/tracker/CVE-2020-24586
Affected packages
Debian:11 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
20210818-1
20220913-1
20221012-1
20221109-1
20221109-2
20221109-3
20221109-4
20221214-1
20221214-2
20221214-3
20221214-5
20230117-1
20230117-2
20230210-1
20230210-2
20230210-3
20230210-4~bpo11+1
20230210-4
20230210-5~bpo11+1
20230210-5
20230310-1~exp1
20230310-1~exp2
20230404-1
20230515-1
20230515-2
20230515-3
20230515-4
20230625-1
20230625-2
20230625-3~exp2
20230625-3~exp3
20240610-1
20240709-1
20240709-2~bpo12+1
20240709-2
Debian:12 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20210818-1
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
Debian:13 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20210818-1
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source