GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-03T12:42:28

Updated: 2024-08-04T11:35:12.441Z

Reserved: 2020-04-03T00:00:00

Link: CVE-2020-11501

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-03T13:15:13.170

Modified: 2024-11-21T04:58:01.673

Link: CVE-2020-11501

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-03-27T00:00:00Z

Links: CVE-2020-11501 - Bugzilla