Note:
This project will be discontinued after December 13, 2021. [more]
2020-09-04
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
Products | Ubuntu_linux, Fedora, Gnutls, Leap |
Type | Out-of-bounds Write (CWE-787) NULL Pointer Dereference (CWE-476) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/
• https://gitlab.com/gnutls/gnutls/-/issues/1071 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/ • https://usn.ubuntu.com/4491-1/ |