Описание
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and denial of service.
Отчет
As mentioned in the upstream advisory and GnuTLS issue 1151 (see External References) this flaw is not easily exploitable and it only happens intermittently (denial of service is not always practical). For this reason, this flaw has been rated as having a security impact of Moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 7 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 9 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2021:4451 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | nettle | Fixed | RHSA-2021:4451 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2021:4451 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | nettle | Fixed | RHSA-2021:4451 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
Связанные уязвимости
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
A flaw was found in gnutls. A use after free issue in client sending k ...
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
EPSS
3.7 Low
CVSS3