CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.275

EPSS Ranking 96.2%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 5.8

References

Products affected by CVE-2020-11501

Gnu » Gnutls » Version: 3.6.10

cpe:2.3:a:gnu:gnutls:3.6.10
Gnu » Gnutls » Version: 3.6.11

cpe:2.3:a:gnu:gnutls:3.6.11
Gnu » Gnutls » Version: 3.6.12

cpe:2.3:a:gnu:gnutls:3.6.12
Gnu » Gnutls » Version: 3.6.3

cpe:2.3:a:gnu:gnutls:3.6.3
Gnu » Gnutls » Version: 3.6.4

cpe:2.3:a:gnu:gnutls:3.6.4
Gnu » Gnutls » Version: 3.6.5

cpe:2.3:a:gnu:gnutls:3.6.5
Gnu » Gnutls » Version: 3.6.6

cpe:2.3:a:gnu:gnutls:3.6.6
Gnu » Gnutls » Version: 3.6.7

cpe:2.3:a:gnu:gnutls:3.6.7
Gnu » Gnutls » Version: 3.6.8

cpe:2.3:a:gnu:gnutls:3.6.8
Gnu » Gnutls » Version: 3.6.8-11.el8_2

cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2
Gnu » Gnutls » Version: 3.6.9

cpe:2.3:a:gnu:gnutls:3.6.9
Canonical » Ubuntu Linux » Version: 19.10

cpe:2.3:o:canonical:ubuntu_linux:19.10
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31
Fedoraproject » Fedora » Version: 32

cpe:2.3:o:fedoraproject:fedora:32
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11501

Products

Pricing

Contact Us