4567 matches found
UBUNTU-CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 is affected by a flaw in how the TLS session-ticket encryption key is constructed, caused by a 2018-09-18 commit. The earliest affected version is 3.6.4. Until the first key rotation, the TLS server uses incorrect data in place of a key derived from the application, l...
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
Slackware 14.2 / current : gnutls (SSA:2020-155-01)
New gnutls packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-155-01. The text itself is copyright (C) Slackware Linux, Inc...
CVE-2020-13777
A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle attack, with the ability to bypass the TLS 1.3 authentication and...
[slackware-security] gnutls
New gnutls packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnutls-3.6.14-i586-1slack14.2.txz: Upgraded. Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bin...
GnuTLS -- flaw in TLS session ticket key construction
The GnuTLS project reports: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authenticatio...
PT-2020-13675 · Gnu +7 · Gnutls +7
Name of the Vulnerable Software and Affected Versions: GnuTLS versions 3.6.4 through 3.6.14 Description: The issue is related to incorrect cryptography used for encrypting a session ticket, leading to a loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3. This allows an...
gnutls:gnutls_client_fuzzer: Null-dereference READ with empty stacktrace
Project: https://gitlab.com/gnutls/gnutls.git Detailed Report: https://oss-fuzz.com/testcase?key=5102053377703936 Project: gnutls Fuzzing Engine: afl Fuzz Target: gnutls_client_fuzzer Job Type: aflasangnutls Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash...
Insecure Random Number Generator
gnutls uses an insecure random number generator. The DTLS client hello contains a random value of all zeroes...
The vulnerability of the `send_client_hello` function in `handshake.c` of the GnuTLS cryptographic library is related to deficiencies in the cryptographic algorithms used. This vulnerability allows an attacker to gain unauthorized access to confidential data or compromise the integrity of the data.
The vulnerability of the `send_client_hello` function in the `handshake.c` file of the GnuTLS cryptographic library is related to deficiencies in the cryptographic algorithms used. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data or compromise the...
CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c...
CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c...
UBUNTU-CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c...
CVE-2020-12823
OpenConnect 8.09 contains a buffer overflow in get_cert_name (gnutls.c) triggered by crafted certificate data, leading to denial of service (crash) and potential further impact. Multiple connected advisories confirm the issue and note that OpenConnect 8.10 fixes it (upgrading is recommended). The...
Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-d14280a6e8)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-f90fb78f70)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...