NULL Pointer Dereference in GnuTLS Affects Nettle's Hash Update Functions
CVE-2021-4209

6.5MEDIUM

Key Information:

Vendor
Gnu
Status
Gnutls
Vendor
CVE Published:
24 August 2022

Summary

A NULL pointer dereference flaw exists in GnuTLS, impacting its hash update functions within Nettle. This vulnerability arises when zero-length input is provided, leading to potential undefined behavior. In some rare scenarios, this may result in a denial of service occurring after user authentication.

Affected Version(s)

GnuTLS Fixed in gnutls v3.7.3

References

https://gitlab.com/gnutls/gnutls/-/issues/1306
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2044156
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-4209
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.