CVE-2020-24586

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-24586
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24586.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24586
Published
2021-05-11T20:15:08Z
Modified
2024-09-11T04:35:21.300501Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
[none]
Details

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Affected packages

Debian:11 / firmware-nonfree

Package

Name
firmware-nonfree
Purl
pkg:deb/debian/firmware-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44

Other

20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1
20210818-1
20220913-1
20221012-1
20221109-1
20221109-2
20221109-3
20221109-4
20221214-1
20221214-2
20221214-3
20221214-5
20230117-1
20230117-2
20230210-1
20230210-2
20230210-3
20230210-4~bpo11+1
20230210-4
20230210-5~bpo11+1
20230210-5
20230310-1~exp1
20230310-1~exp2
20230404-1
20230515-1
20230515-2
20230515-3
20230515-4
20230625-1
20230625-2
20230625-3~exp2
20230625-3~exp3
20240610-1
20240709-1
20240709-2~bpo12+1
20240709-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firmware-nonfree

Package

Name
firmware-nonfree
Purl
pkg:deb/debian/firmware-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20210818-1

Affected versions

0.*

0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44

Other

20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firmware-nonfree

Package

Name
firmware-nonfree
Purl
pkg:deb/debian/firmware-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20210818-1

Affected versions

0.*

0.1
0.2
0.3
0.4
0.4etch1
0.4+etchnhalf.1
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13~bpo40+1
0.13
0.14
0.14+lenny1
0.14+lenny2
0.15
0.16~bpo50+1
0.16
0.17~bpo50+1
0.17
0.18
0.19
0.20
0.21
0.22
0.23~bpo50+1
0.23
0.24~bpo50+1
0.24
0.25
0.26
0.27~bpo50+1
0.27
0.28
0.28+squeeze1
0.29
0.30
0.31
0.32~bpo60+1
0.32
0.33
0.34
0.35~bpo60+1
0.35
0.36
0.36+wheezy.1~bpo60+1
0.36+wheezy.1
0.37
0.38~bpo70+1
0.38
0.39~bpo70+1
0.39
0.40~bpo70+1
0.40
0.41~bpo70+1
0.41
0.42
0.43~bpo70+1
0.43
0.44~bpo8+1
0.44

Other

20151018-1
20151018-2~bpo8+1
20151018-2
20151207-1~bpo8+1
20151207-1
20160110-1~bpo8+1
20160110-1
20160824-1~bpo8+1
20160824-1
20161130-1
20161130-2~bpo8+1
20161130-2
20161130-3~bpo8+1
20161130-3
20161130-4~deb8u1
20161130-4
20161130-5~deb8u1
20161130-5
20170823-1~bpo9+1
20170823-1
20180518-1~bpo9+1
20180518-1
20180825-1
20180825+dfsg-1~bpo9+1
20180825+dfsg-1
20190114-1~bpo9+1
20190114-1~bpo9+2
20190114-1
20190114-2~bpo9+1
20190114-2~deb9u1
20190114-2
20190502-1
20190717-1
20190717-2~bpo10+1
20190717-2
20200421-1
20200619-1~bpo10+1
20200619-1
20200721-1~bpo10+1
20200721-1
20200817-1~bpo10+1
20200817-1
20200918-1~bpo10+1
20200918-1
20201022-1
20201118-1
20201218-1
20201218-2
20201218-3
20210208-1
20210208-2
20210208-3
20210208-4~bpo10+1
20210208-4
20210315-1~exp1
20210315-1
20210315-2~bpo10+1
20210315-2
20210315-3~bpo10+1
20210315-3
20210322-1~exp1
20210427-1
20210511-1~exp1
20210511-1
20210716-1~exp1
20210818-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}