Report
CVE-2020-11501: Timing Side-Channel in GnuTLS DTLS SRTP Profile Negotiation
GnuTLS 3.6.12 and earlier versions contain a timing side-channel vulnerability in the DTLS SRTP (Secure Real-time Transport Protocol) profile negotiation code. The vulnerability exists in the _gnutls_srtp_recv_params() function, which processes SRTP profiles sent by a client in the ClientHello message. The code uses nested loops with data-dependent early-exit conditions to match client-proposed profiles against server-supported profiles. An attacker can exploit this timing side-channel by sending SRTP profiles in different orders and measuring response times to infer which SRTP profiles the server supports, revealing sensitive server configuration information.
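The matching pattern described above, next to a fixed-work alternative, as an added example. It is not GnuTLS source code: the function names, the server profile list and the comparison counter are hypothetical and constructed for illustration, with the counter standing in for a timing measurement.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: hypothetical server-side list of SRTP profile IDs. */
static const uint16_t server_profiles[] = { 0x0001, 0x0002, 0x0005 };
#define N_SERVER (sizeof(server_profiles) / sizeof(server_profiles[0]))
static size_t compares; /* instrumentation: comparisons done by the last call */

/* Early-exit pattern: nested loops return on the first match, so the work
 * done depends on which offered profile matches and on its position. */
uint16_t select_early_exit(const uint16_t *offered, size_t n)
{
    compares = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < N_SERVER; j++) {
            compares++;
            if (offered[i] == server_profiles[j])
                return offered[i];
        }
    return 0; /* 0 = no common profile (assumption of this example) */
}

/* Fixed-work variant: visits every (offered, server) pair and keeps the
 * first match using masks, with no branch on the comparison result. */
uint16_t select_fixed_work(const uint16_t *offered, size_t n)
{
    uint16_t chosen = 0, found = 0; /* found: 0x0000 until a match, then 0xFFFF */
    compares = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < N_SERVER; j++) {
            uint16_t diff = offered[i] ^ server_profiles[j];
            /* eq is 0xFFFF when diff == 0, otherwise 0x0000 */
            uint16_t eq = (uint16_t)(0 - ((((uint32_t)diff - 1) >> 16) & 1));
            chosen |= offered[i] & eq & (uint16_t)~found;
            found |= eq;
            compares++;
        }
    return chosen;
}

size_t last_compares(void) { return compares; }
```

With the same profiles offered in a different order, the early-exit version performs 1 or 7 comparisons while the fixed-work version always performs 9. Equal operation counts at source level do not guarantee equal timing after compilation, so a fix of this kind still needs to be checked against the generated code.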