CVE-2020-13777
04.06.2020, 07:15
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.6.0 ≤ 𝑥 < 3.6.14 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnutls |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutls-devel |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutls30 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutls30-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutls30-hmac |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutls30-hmac-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutlsxx-devel |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutlsxx28 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libgnutlsxx30 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnutls |
| ||||||||||||||||
| gnutls-c |
| ||||||||||||||||
| gnutls-dane |
| ||||||||||||||||
| gnutls-devel |
| ||||||||||||||||
| gnutls-utils |
|
Common Weakness Enumeration
References