CVE-2020-13777: CVE-2020-13777

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-13777

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

GnuTLS 加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GnuTLS是一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS 3.6.14版本中存在加密问题漏洞。攻击者可通过实施中间人攻击利用该漏洞绕过TLS 1.3版本的身份验证并恢复TLS 1.2版本的先前会话。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-13777

#	POC Description	Source Link	Shenlong Link
1	Zeek script to detect servers vulnerable to CVE-2020-13777	https://github.com/0xxon/cve-2020-13777	POC Details
2	Challange CVE-2020-13777	https://github.com/shigeki/challenge_CVE-2020-13777	POC Details
3	None	https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-13777

Please Login to view more intelligence information

https://security.netapp.com/advisory/ntap-20200619-0004/x_refsource_CONFIRM
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03x_refsource_CONFIRM
https://www.debian.org/security/2020/dsa-4697vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/4384-1/vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/202006-01vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/vendor-advisoryx_refsource_FEDORA
https://nvd.nist.gov/vuln/detail/CVE-2020-13777

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2020-13777

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2020-13777

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-13777

III. Intelligence Information for CVE-2020-13777

New Vulnerabilities

V. Comments for CVE-2020-13777

Leave a comment