GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

🗓️ 09 Sep 2020 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

GnuTLS DTLS client uses 32 null bytes instead of random before 3.6.13, weakening security.

Reporter	Title	Published	Views	Family All 65
Tenable Nessus	Alibaba Cloud Linux 3 : 0008: gnutls (ALINUX3-SA-2021:0008)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : gnutls (CESA-2020:1998)	1 Feb 202100:00	–	nessus
Tenable Nessus	Debian DSA-4652-1 : gnutls28 - security update	6 Apr 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : gnutls (EulerOS-SA-2020-1803)	30 Jul 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : gnutls (EulerOS-SA-2020-1899)	28 Aug 202000:00	–	nessus
Tenable Nessus	Fedora 31 : mingw-gnutls (2020-d14280a6e8)	8 May 202000:00	–	nessus
Tenable Nessus	FreeBSD : GnuTLS -- flaw in DTLS protocol implementation (d887b3d9-7366-11ea-b81a-001cc0382b2f)	2 Apr 202000:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.01 : gnutls Vulnerability (NS-SA-2020-0033)	21 Jul 202000:00	–	nessus
Tenable Nessus	openSUSE Security Update : gmp / gnutls / libnettle (openSUSE-2020-501)	14 Apr 202000:00	–	nessus
Tenable Nessus	Oracle Linux 8 : gnutls (ELSA-2020-1998)	11 May 202000:00	–	nessus

Vulners

Node

microsoft cm1_gnutls_3.6.14-6Range<3.6.14-6

09 Sep 2020 07:00Current

7High risk

Vulners AI Score7

CVSS 25.8

CVSS 3.17.4

EPSS0.11487

gnutls randomness security-weakness null-bytes