UBUNTU-CVE-2020-24613
- Source
- https://ubuntu.com/security/CVE-2020-24613
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24613.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-24613
- Related
- Published
- 2020-08-24T22:15:00Z
- Modified
- 2025-06-03T17:34:30Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAITCERTCR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/ubuntu/wolfssl@3.4.8+dfsg-1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/ubuntu/wolfssl@3.13.0+dfsg-1?arch=source&distro=esm-apps/bionic