Search for vulnerabilities
Vulnerability details: VCID-kkf9-tpvd-5bad
Vulnerability ID VCID-kkf9-tpvd-5bad
Aliases CVE-2020-13777
GNUTLS-SA-2020-06-03
Summary GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-345 Insufficient Verification of Data Authenticity
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2020-13777
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
archlinux High https://security.archlinux.org/AVG-1177
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
https://api.first.org/data/v1/epss?cve=CVE-2020-13777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
https://security.gentoo.org/glsa/202006-01
https://security.netapp.com/advisory/ntap-20200619-0004/
https://www.debian.org/security/2020/dsa-4697
1843723 https://bugzilla.redhat.com/show_bug.cgi?id=1843723
962289 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962289
ASA-202006-2 https://security.archlinux.org/ASA-202006-2
AVG-1177 https://security.archlinux.org/AVG-1177
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVE-2020-13777 https://nvd.nist.gov/vuln/detail/CVE-2020-13777
RHSA-2020:2637 https://access.redhat.com/errata/RHSA-2020:2637
RHSA-2020:2638 https://access.redhat.com/errata/RHSA-2020:2638
RHSA-2020:2639 https://access.redhat.com/errata/RHSA-2020:2639
USN-4384-1 https://usn.ubuntu.com/4384-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13777.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13777
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13777
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.74875
EPSS Score 0.00911
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:33:58.615502+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 37.0.0