Use After Free Vulnerability in GnuTLS Client Key_Share Extension
CVE-2021-20231

9.8CRITICAL

Key Information:

Vendor
Gnu
Status
Gnutls
Vendor
CVE Published:
12 March 2021

Summary

A vulnerability exists in GnuTLS that affects the client when sending the key_share extension, which can lead to a use after free situation. This flaw can result in memory corruption, potentially leading to a range of security issues, including arbitrary code execution in certain scenarios. It highlights the need for immediate attention and timely updates to mitigate risks associated with this vulnerability.

Affected Version(s)

gnutls gnutls 3.7.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1922276
x_refsource_MISC
https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-0...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.