GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-03T12:42:28
Updated: 2024-08-04T11:35:12.441Z
Reserved: 2020-04-03T00:00:00
Link: CVE-2020-11501
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-04-03T13:15:13.170
Modified: 2024-11-21T04:58:01.673
Link: CVE-2020-11501
Redhat