{"id":"JLSEC-2026-519","details":"An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.","modified":"2026-05-26T14:30:03.264386004Z","published":"2026-05-26T14:17:50.003Z","upstream":["CVE-2020-24659"],"database_specific":{"license":"CC-BY-4.0","sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24659","id":"CVE-2020-24659","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-24659","database_specific":{"status":"Modified"},"modified":"2024-11-21T05:15:26.003Z","published":"2020-09-04T15:15:10.803Z","imported":"2026-05-22T18:34:34.730Z"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html"},{"type":"WEB","url":"https://gitlab.com/gnutls/gnutls/-/issues/1071"},{"type":"WEB","url":"https://gitlab.com/gnutls/gnutls/-/issues/1071"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202009-01"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202009-01"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200911-0006/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200911-0006/"},{"type":"WEB","url":"https://usn.ubuntu.com/4491-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4491-1/"},{"type":"WEB","url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04"},{"type":"WEB","url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04"}],"affected":[{"package":{"name":"GnuTLS_jll","ecosystem":"Julia","purl":"pkg:julia/GnuTLS_jll?uuid=0951126a-58fd-58f1-b5b3-b08c7c4a876d"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.7.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-519.json"}}],"schema_version":"1.7.5"}