CVE-2020-11501 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-11501 REJECTED

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

EPSS 11.49% · 93.6th percentile

Risk Scores

EPSS Score

11.49%

93.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	gnutls28	0, 3.3.15-5ubuntu2, 3.3.18-1ubuntu1
Ubuntu:18.04:LTS	gnutls28	0, 3.5.8-6ubuntu3, 3.5.17-1ubuntu1

Timeline

Apr 3, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-11501 third-party-advisory
https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 third-party-advisory
https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2 third-party-advisory
https://ubuntu.com/security/notices/USN-4322-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-11501 third-party-advisory

Open in Interactive Console →