VDB

ALPINE-CVE-2020-11501

ALPINE-CVE-2020-11501 PUBLISHED CVSS 7.400000095367432 HIGH

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

Risk Scores

CVSS v3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.16gnutls2.10.5-r0, 2.10.4-r0, 2.10.5-r1
Alpine:v3.10gnutls2.10.5-r1, 2.10.4-r0, 0
Alpine:v3.17gnutls3.1.1-r0, 3.1.10-r0, 3.1.11-r0
Alpine:v3.21gnutls3.5.15-r0, 0, 2.10.4-r0
Alpine:v3.23gnutls3.1.0-r0, 3.3.2-r0, 3.5.13-r0
Alpine:v3.19gnutls0, 3.6.0-r0, 3.6.1-r0
Alpine:v3.14gnutls2.8.6-r0, 2.8.6-r3, 3.0.17-r0
Alpine:v3.15gnutls3.5.9-r0, 3.5.8-r1, 3.5.8-r0
Alpine:v3.18gnutls3.4.3-r0, 0, 2.10.4-r0
Alpine:v3.22gnutls2.8.1-r0, 2.6.6-r0, 2.6.5-r0
Alpine:v3.13gnutls3.3.9-r1, 3.6.9-r0, 3.6.8-r1
Alpine:v3.12gnutls3.3.6-r0, 3.6.9-r0, 3.6.8-r1
Alpine:v3.8gnutls2.10.4-r0, 2.10.5-r2, 2.12.16-r0
Alpine:v3.20gnutls3.6.5-r0, 2.6.6-r0, 3.6.9-r0
Alpine:v3.9gnutls2.12.7-r0, 2.12.6.1-r0, 2.12.16-r0

Timeline

  • Apr 3, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›