FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- flaw in DTLS protocol implementation

Affected packages
gnutls < 3.6.13

Details

VuXML ID d887b3d9-7366-11ea-b81a-001cc0382b2f
Discovery 2020-03-31
Entry 2020-03-31

The GnuTLS project reports:

It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol.

References

CVE Name CVE-2020-11501
URL https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31