#VU46295 NULL pointer dereference in GnuTLS


Published: 2020-09-04 | Updated: 2020-09-06

Vulnerability identifier: #VU46295

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24659

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Update to version 3.6.15.

Vulnerable software versions

GnuTLS: 3.6.0 - 3.6.14

External links
http://gitlab.com/gnutls/gnutls/-/issues/1071
http://security.gentoo.org/glsa/202009-01
http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS update for gnutls
Multiple vulnerabilities in Red Hat OpenShift Serverless
Red Hat update for Red Hat Ceph Storage 4.2
Multiple vulnerabilities in Red Hat Quay
Red Hat Enterprise Linux 8 update for gnutls
OpenSUSE Linux update for gnutls
OpenSUSE Linux update for gnutls
Gentoo update for GnuTLS
NULL pointer dereference in GnuTLS
NULL pointer dereference in gnutls (Alpine package)