Unrated severityNVD Advisory· Published Jun 4, 2020· Updated Aug 4, 2024
CVE-2020-13777
CVE-2020-13777
Description
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Affected products
20- GnuTLS/GnuTLSdescription
- osv-coords19 versionspkg:apk/chainguard/gnutlspkg:apk/chainguard/gnutls-c++pkg:apk/chainguard/gnutls-c%2B%2Bpkg:apk/chainguard/gnutls-devpkg:apk/chainguard/gnutls-docpkg:apk/chainguard/gnutls-utilspkg:apk/wolfi/gnutlspkg:apk/wolfi/gnutls-c++pkg:apk/wolfi/gnutls-c%2B%2Bpkg:apk/wolfi/gnutls-devpkg:apk/wolfi/gnutls-docpkg:apk/wolfi/gnutls-utilspkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0+ 18 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.6.7-lp151.2.18.1
- (no CPE)range: < 3.7.2-1.2
- (no CPE)range: < 3.6.7-6.29.1
- (no CPE)range: < 3.6.7-6.29.1
- (no CPE)range: < 3.6.7-6.29.1
- (no CPE)range: < 3.6.7-6.29.1
- (no CPE)range: < 3.6.7-6.29.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202006-01mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4384-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4697mitrevendor-advisoryx_refsource_DEBIAN
- gnutls.org/security-new.htmlmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200619-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.