DEBIAN-CVE-2020-24613
- Source
- https://security-tracker.debian.org/tracker/CVE-2020-24613
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-24613.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2020-24613
- Upstream
- Published
- 2020-08-24T22:15:10.340Z
- Modified
- 2025-11-19T01:08:53.220094Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAITCERTCR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.
- References
Affected packages
Debian:11 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Debian:12 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Debian:13 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Debian:14 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source