PT-2021-6619 · Gnutls+6

Daiki Ueno · Published 2021-12-22 · Updated 2026-05-26 · CVE-2021-4209

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GnuTLS (affected versions not specified)

Description

A NULL pointer dereference flaw was found in GnuTLS, related to the implementation of the wrap_nettle_hash_fast() function in the cryptographic library. This flaw can cause undefined behavior when providing zero-length input to Nettle's hash update functions, which internally call memcpy(). The issue can lead to a denial of service after authentication in rare circumstances.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2183
ALT-PU-2024-7207
ALT-PU-2024-7758
ALT-PU-2024-7788
BDU:2022-01898
CVE-2021-4209
DLA-3070-1
JLSEC-2026-522
MGASA-2022-0098
OESA-2022-1889
OPENSUSE-SU-2022:0717-1
OPENSUSE-SU-2022_0717-1
SUSE-SU-2022:0677-1
SUSE-SU-2022:0678-1
SUSE-SU-2022:0717-1
SUSE-SU-2022:2830-1
SUSE-SU-2022_0677-1
SUSE-SU-2022_0678-1
SUSE-SU-2022_0717-1
SUSE-SU-2022_2830-1
USN-5550-1
USN-5750-1

Affected Products

Alt Linux
Astra Linux
Gnutls
Linuxmint
Red Os
Suse
Ubuntu