An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
2020-09-04T15:15:10.803
2024-11-21T05:15:26.003
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gnu | gnutls | < 3.6.15 | Yes |
Operating System | fedoraproject | fedora | 32 | Yes |
Operating System | fedoraproject | fedora | 33 | Yes |
Operating System | opensuse | leap | 15.1 | Yes |
Operating System | opensuse | leap | 15.2 | Yes |
Operating System | canonical | ubuntu_linux | 20.04 | Yes |