CVE-2021-20231

Published: Mar 12, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Affected (5)

Products: Gnu: Gnutls · Redhat: Enterprise Linux · Fedoraproject: Fedora · +1 more

Show all products

Gnu: Gnutls · Redhat: Enterprise Linux · Fedoraproject: Fedora · Netapp: Active Iq Unified Manager, E Series Performance Analyzer

1 product

1 product

1 product

2 products

Active Iq Unified Manager

E Series Performance Analyzer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	From 3.6.3 to 3.7.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp E Series Performance Analyzer	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (24)

https://bugzilla.redhat.com/show_bug.cgi?id=1922276

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20210416-0005/

Source: secalert@redhat.com

Third Party Advisory

https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10

Source: secalert@redhat.com

ExploitVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1922276