CVE-2020-13614 — Improper Certificate Validation in Project Axel

CWE-295 — Improper Certificate Validation9 documents7 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 31.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axel Axel Project Axel Fedoraproject Fedora +2 more

Timeline

PublishedMay 26

Latest updateMay 24

Description

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDaxel_project/axel< 2.17.8

▶Debianaxel/axel< 2.17.8-1+3

▶NVDopensuse/leap15.1

▶NVDopensuse/backports_sle15.0

Also affects: Fedora 33, 34

🔴Vulnerability Details

GHSA

GHSA-xcp5-2g2r-h36p: An issue was discovered in ssl↗2022-05-24

▶

OSV

CVE-2020-13614: An issue was discovered in ssl↗2020-05-26

▶

CVEList

CVE-2020-13614: An issue was discovered in ssl↗2020-05-26

▶

📋Vendor Advisories

Ubuntu

Axel vulnerability↗2021-03-15

▶

Debian

CVE-2020-13614: axel - An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation l...↗2020

▶

💬Community

Bugzilla

CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach [fedora-all]↗2020-06-18

▶

Bugzilla

CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach↗2020-06-18

▶

Bugzilla

CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach [epel-7]↗2020-06-18

▶