CVE-2021-4209

Published: 22 Dec 2021
Source: redhat
CVSS3: 6.5

Description

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Report

This issue is classified as low severity because it requires a very specific and rare set of conditions to be triggered. The vulnerability occurs only when GnuTLS is built with Guile support disabled and when an empty input (zero-length data) is passed during the TLS handshake process. The crash caused by the NULL pointer dereference is a denial of service, but it does not result in remote code execution or data leakage. Additionally, the affected code path is rarely executed in practice, as it is often replaced by optimized, accelerated implementations. Compilers may also optimize away the issue in most cases, further reducing the likelihood of exploitation.
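
The zero-length case described above, as an added illustration that is not code from GnuTLS, Nettle or Red Hat: a constructed toy block-buffering hash (all `toy_*` names are hypothetical) whose raw update reaches `memcpy` even for empty input, next to a wrapper that returns before the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy digest context, not GnuTLS or Nettle code. Input is
 * buffered in 64-byte blocks, as block-based hash implementations do. */
#define TOY_BLOCK 64
struct toy_hash {
    uint8_t  block[TOY_BLOCK];
    size_t   fill;    /* bytes currently buffered in block[] */
    uint32_t state;   /* running checksum standing in for digest state */
    unsigned copies;  /* number of memcpy calls made, for inspection */
};

static void toy_compress(struct toy_hash *h)
{
    for (size_t i = 0; i < TOY_BLOCK; i++)
        h->state = h->state * 31u + h->block[i];
    h->fill = 0;
}

/* Unguarded update: reaches memcpy even when len == 0. With data == NULL
 * that call is undefined behaviour in C, although no bytes are copied. */
void toy_update_raw(struct toy_hash *h, const uint8_t *data, size_t len)
{
    do {
        size_t n = TOY_BLOCK - h->fill;
        if (n > len) n = len;
        memcpy(h->block + h->fill, data, n);
        h->copies++;
        h->fill += n; data += n; len -= n;
        if (h->fill == TOY_BLOCK) toy_compress(h);
    } while (len > 0);
}

/* Guarded wrapper: hashing zero bytes is a no-op, so return before the
 * copy; a NULL pointer with a non-zero length is rejected as an error. */
int toy_update(struct toy_hash *h, const uint8_t *data, size_t len)
{
    if (len == 0) return 0;
    if (data == NULL) return -1;
    toy_update_raw(h, data, len);
    return 0;
}

int main(void)
{
    struct toy_hash h = {0};
    printf("rc=%d copies=%u\n", toy_update(&h, NULL, 0), h.copies);
    return 0;
}
```

Building callers of such a function with `-fsanitize=undefined` makes a NULL argument to `memcpy` visible at test time instead of leaving it to compiler behaviour.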

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | gnutls | Out of support scope | | |
| Red Hat Enterprise Linux 7 | gnutls | Out of support scope | | |
| Red Hat Enterprise Linux 8 | gnutls | Will not fix | | |
| Red Hat Enterprise Linux 9 | gnutls | Not affected | | |

Additional information

Status: Low
Defect: CWE-476
GnuTLS: Null pointer dereference in MD_UPDATE
https://bugzilla.redhat.com/show_bug.cgi?id=2044156

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 3 years ago

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVSS3: 6.5
nvd
almost 3 years ago

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVSS3: 6.5
msrc
almost 3 years ago

No description available

CVSS3: 6.5
debian
almost 3 years ago

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash ...

suse-cvrf
more than 3 years ago

Security update for gnutls