CVE-2020-24587
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-24587
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24587.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-24587
- Downstream
- Related
- Published
- 2021-05-11T20:15:08Z
- Modified
- 2025-07-29T09:19:33.029873Z
- Severity
-
- 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
- References
-
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://security-tracker.debian.org/tracker/CVE-2020-24587
Affected packages
Debian:11 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
20210818-1
20220913-1
20221012-1
20221109-1
20221109-2
20221109-3
20221109-4
20221214-1
20221214-2
20221214-3
20221214-5
20230117-1
20230117-2
20230210-1
20230210-2
20230210-3
20230210-4~bpo11+1
20230210-4
20230210-5~bpo11+1
20230210-5
20230310-1~exp1
20230310-1~exp2
20230404-1
20230515-1
20230515-2
20230515-3
20230515-4
20230625-1
20230625-2
20230625-3~exp2
20230625-3~exp3
20240610-1
20240709-1
20240709-2~bpo12+1
20240709-2
20240811-1
20240909-1
20240909-2
20241210-1~bpo12+1
20241210-1
20250109-1
20250211-1
20250311-1
20250410-1
20250410-2~bpo12+1
20250410-2
20250509-1
20250613-1
20250627-1
20250708-1
Debian:12 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20210818-1
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
Debian:13 / firmware-nonfree
Package
- Name
- firmware-nonfree
- Purl
- pkg:deb/debian/firmware-nonfree?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20210818-1
Affected versions
0.*
0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44
Other
20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source