NULL Pointer Dereference in GnuTLS Affects Nettle's Hash Update Functions
CVE-2021-4209

6.5MEDIUM

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 24 August 2022

🔔 Create Gnu Vulnerability Alert

What is CVE-2021-4209?

A NULL pointer dereference flaw exists in GnuTLS, impacting its hash update functions within Nettle. This vulnerability arises when zero-length input is provided, leading to potential undefined behavior. In some rare scenarios, this may result in a denial of service occurring after user authentication.

Affected Version(s)

GnuTLS Fixed in gnutls v3.7.3

References

https://gitlab.com/gnutls/gnutls/-/issues/1306

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2044156

x_refsource_MISC

https://access.redhat.com/security/cve/CVE-2021-4209

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2022
Vulnerability Reserved
Jan 24, 2022

.