#VU66124 NULL pointer dereference in GnuTLS


Published: 2022-08-05

Vulnerability identifier: #VU66124

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-4209

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in MD_UPDATE. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

GnuTLS: 3.5.0 - 3.7.2


CPE

External links
http://gitlab.com/gnutls/gnutls/-/issues/1306
http://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability