FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- flaw in DTLS protocol implementation

Affected packages
gnutls < 3.6.13

Details

VuXML ID d887b3d9-7366-11ea-b81a-001cc0382b2f
Discovery 2020-03-31
Entry 2020-03-31

The GnuTLS project reports:

It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol.

[source]

References

CVE Name CVE-2020-11501
URL https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.