VDB
DEBIAN-CVE-2020-11501
DEBIAN-CVE-2020-11501
PUBLISHED
CVSS 7.400000095367432 HIGH
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
Risk Scores
CVSS v3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | gnutls28 | 0, 0, 0 |
| Debian:11 | gnutls28 | 0, 0, 0 |
| Debian:13 | gnutls28 | 0, 0, 0 |
| Debian:12 | gnutls28 | 0, 0, 0 |
Timeline
- Apr 3, 2020 CVE Published
- Apr 28, 2026 CVE Updated