VDB
DEBIAN-CVE-2020-13777
DEBIAN-CVE-2020-13777
PUBLISHED
CVSS 7.400000095367432 HIGH
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Risk Scores
CVSS v3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | gnutls28 | 0, 0, 0 |
| Debian:12 | gnutls28 | 0, 0, 0 |
| Debian:14 | gnutls28 | 0, 0, 0 |
| Debian:13 | gnutls28 | 0, 0, 0 |
Timeline
- Jun 4, 2020 CVE Published
- Apr 28, 2026 CVE Updated