Unrated severityNVD Advisory· Published Jun 19, 2020· Updated Aug 4, 2024
CVE-2020-14929
CVE-2020-14929
Description
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Alpine/Alpinedescription
- Range: <2.23
- osv-coords2 versionspkg:rpm/opensuse/alpine&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/alpine&distro=SUSE%20Package%20Hub%2015%20SP2
< 2.24-lp152.5.3.1+ 1 more
- (no CPE)range: < 2.24-lp152.5.3.1
- (no CPE)range: < 2.24-bp152.4.3.1
Patches
Vulnerability mechanics
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFXQGKZZMP3VSTLZVO5Z7Z6USYIW37A6/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJLY6JDVGDNAJZ3UQDWYWSDBWOAOXMNX/mitrevendor-advisoryx_refsource_FEDORA
- mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.htmlmitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/06/msg00025.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.