Unrated severityNVD Advisory· Published Mar 12, 2021· Updated Aug 3, 2024

CVE-2021-20231

Description

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Affected products

gnutls/gnutlsdescription
osv-coords35 versions
pkg:apk/chainguard/gnutls pkg:apk/chainguard/gnutls-c++pkg:apk/chainguard/gnutls-c%2B%2B pkg:apk/chainguard/gnutls-dev pkg:apk/chainguard/gnutls-doc pkg:apk/chainguard/gnutls-utils pkg:apk/wolfi/gnutls pkg:apk/wolfi/gnutls-c++pkg:apk/wolfi/gnutls-c%2B%2B pkg:apk/wolfi/gnutls-dev pkg:apk/wolfi/gnutls-doc pkg:apk/wolfi/gnutls-utils pkg:rpm/almalinux/gnutls pkg:rpm/almalinux/gnutls-c%2B%2B pkg:rpm/almalinux/gnutls-dane pkg:rpm/almalinux/gnutls-devel pkg:rpm/almalinux/gnutls-utils pkg:rpm/almalinux/nettle pkg:rpm/almalinux/nettle-devel pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Server%204.0
< 0+ 34 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.6.16-4.el8
- (no CPE)range: < 3.6.16-4.el8
- (no CPE)range: < 3.6.16-4.el8
- (no CPE)range: < 3.6.16-4.el8
- (no CPE)range: < 3.6.16-4.el8
- (no CPE)range: < 3.4.1-7.el8
- (no CPE)range: < 3.4.1-7.el8
- (no CPE)range: < 3.6.7-lp152.9.9.1
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-14.10.2
- (no CPE)range: < 3.6.7-14.10.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2
- (no CPE)range: < 3.6.7-6.40.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/mitrevendor-advisoryx_refsource_FEDORA
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3Emitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20210416-0005/mitrex_refsource_CONFIRM
www.gnutls.org/security-new.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000