Lucene search

FreeBSDD887B3D9-7366-11EA-B81A-001CC0382B2F

HistoryMar 31, 2020 - 12:00 a.m.

GnuTLS -- flaw in DTLS protocol implementation

2020-03-3100:00:00

vuxml.freebsd.org

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON

The GnuTLS project reports:

It was found that GnuTLS 3.6.3 introduced a regression in the DTLS
protocol implementation. This caused the DTLS client to not
contribute any randomness to the DTLS negotiation breaking the
security guarantees of the DTLS protocol.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnutls< 3.6.13UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gnutls	< 3.6.13	UNKNOWN

References

gnutls.org/security-new.html#GNUTLS-SA-2020-03-31

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for D887B3D9-7366-11EA-B81A-001CC0382B2F