CVE-2020-24588

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-24588

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24588.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-24588

Downstream

DEBIAN-CVE-2020-24588

DLA-2689-1

DLA-2690-1

DLA-3380-1

RHSA-2021:4140

RHSA-2021:4356

SUSE-SU-2021:14764-1

SUSE-SU-2021:1888-1

SUSE-SU-2021:1889-1

SUSE-SU-2021:1890-1

SUSE-SU-2021:1975-1

SUSE-SU-2021:1977-1

SUSE-SU-2021:2208-1

SUSE-SU-2021:2321-1

SUSE-SU-2021:2324-1

SUSE-SU-2021:2349-1

SUSE-SU-2021:2406-1

SUSE-SU-2021:2421-1

SUSE-SU-2021:2422-1

SUSE-SU-2021:2427-1

SUSE-SU-2021:2451-1

SUSE-SU-2023:0394-1

SUSE-SU-2023:0433-1

SUSE-SU-2023:0488-1

SUSE-SU-2023:2809-1

UBUNTU-CVE-2020-24588

USN-4999-1

USN-5000-1

USN-5000-2

USN-5001-1

openSUSE-SU-2021:0843-1

openSUSE-SU-2021:0947-1

openSUSE-SU-2021:1975-1

openSUSE-SU-2021:1977-1

openSUSE-SU-2021:2427-1

openSUSE-SU-2024:10728-1

openSUSE-SU-2024:13704-1

Related

Published

2021-05-11T20:15:08Z

Modified

2025-08-09T20:01:26Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

References

Affected packages