CVE-2021-4209

Name
CVE-2021-4209
Description
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.com/gnutls/gnutls/-/issues/1306
MISC https://access.redhat.com/security/cve/CVE-2021-4209
MISC https://gitlab.com/gnutls/gnutls/-/merge_requests/1503
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2044156
MISC https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* gnutls >= None < 3.7.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnutls 3.13-main 3.7.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.15-main 3.7.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.14-main 3.7.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable