Your submission was sent successfully! Close

CVE-2020-24585

Published: 21 August 2020

An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.

Priority

Low

CVSS 3 base score: 5.3

Status

Package Release Status
wolfssl
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Not vulnerable
(4.5.0+dfsg-2)
hirsute Not vulnerable
(4.5.0+dfsg-2)
impish Not vulnerable
(4.5.0+dfsg-2)
jammy Not vulnerable
(4.5.0+dfsg-2)
precise Does not exist

trusty Does not exist

upstream
Released (v4.5.0-stable)
xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)