CVE-2021-4209

Severity: 6.5 MEDIUM
EPSS: 0.3% (top 43.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 24 | Latest update Nov 30

Description

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

Source | Package | Affected versions
NVD | gnu/gnutls | < 3.7.3
Debian | gnutls28 | < 3.7.1-5+deb11u1 (+3)
Ubuntu | gnutls28 | < 3.5.18-1ubuntu1.6 (+2)
CVEListV5 | gnutls | Fixed in gnutls v3.7.3

Also affects: Enterprise Linux 8.0

Vulnerability Details (4)

GHSA | GHSA-xj78-h3gx-cm6v: A NULL pointer dereference flaw was found in GnuTLS | 2022-08-25
CVEList | CVE-2021-4209: A NULL pointer dereference flaw was found in GnuTLS | 2022-08-24
OSV | CVE-2021-4209: A NULL pointer dereference flaw was found in GnuTLS | 2022-08-24
OSV | gnutls28 vulnerabilities | 2022-08-04

Vendor Advisories (5)

Ubuntu | GnuTLS vulnerability | 2022-11-30
Microsoft | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy providing zero-length input may cause undefined behavior. This flaw leads to a denial of s | 2022-08-09
Ubuntu | GnuTLS vulnerabilities | 2022-08-04
Red Hat | GnuTLS: Null pointer dereference in MD_UPDATE | 2021-12-22
Debian | CVE-2021-4209: gnutls28 - A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update fun... | 2021