CVE-2020-24659

Priority
Description
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a
NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is
sent with unexpected timing, and then an invalid second handshake occurs.
The crash happens in the application's error handling path, where the
gnutls_deinit function is called after detecting a handshake failure.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (3.6.15-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa): released (3.6.13-2ubuntu1.3)
Ubuntu 20.10 (Groovy Gorilla): released (3.6.13-4ubuntu5)
Patches:
Upstream: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a

Updated: 2020-09-18 04:45:57 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)