CVE-2020-24586

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-24586

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24586.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-24586

Downstream

DEBIAN-CVE-2020-24586

DLA-2689-1

DLA-2690-1

DLA-3380-1

RHSA-2021:4140

RHSA-2021:4356

SUSE-SU-2021:14764-1

SUSE-SU-2021:1887-1

SUSE-SU-2021:1888-1

SUSE-SU-2021:1889-1

SUSE-SU-2021:1890-1

SUSE-SU-2021:1891-1

SUSE-SU-2021:1899-1

SUSE-SU-2021:1912-1

SUSE-SU-2021:1913-1

SUSE-SU-2021:1975-1

SUSE-SU-2021:1977-1

SUSE-SU-2021:2208-1

SUSE-SU-2021:2406-1

SUSE-SU-2021:2421-1

SUSE-SU-2021:2451-1

UBUNTU-CVE-2020-24586

USN-4999-1

USN-5000-1

USN-5000-2

USN-5001-1

USN-5018-1

openSUSE-SU-2021:0843-1

openSUSE-SU-2021:0947-1

openSUSE-SU-2021:1975-1

openSUSE-SU-2021:1977-1

openSUSE-SU-2024:10728-1

openSUSE-SU-2024:13704-1

Related

Published

2021-05-11T20:15:08Z

Modified

2025-08-09T20:01:27Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

References

Affected packages