Bug 2044156 (CVE-2021-4209)

Summary: CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: adudiak, ansasaki, aprice, bdettelb, caswilli, cfergeau, crypto-team, dfreiber, dkuc, doconnor, drow, dueno, erik-fedora, fjansen, hkataria, jburrell, jdobes, jforrest, jkoehler, jmitchel, jsamir, jtanner, jwong, kaycoth, kholdawa, kshier, lcouzens, lphiri, marcandre.lureau, micjohns, mike, mpierce, mskarbek, oezr, orabin, psegedy, rblanco, rh-spice-bugs, rjones, sthirugn, tcarlin, teagle, tm, vkrizan, vkumar, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gnutls 3.7.3 Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2048765, 2055368, 2055369, 2055374, 2055375, 2055376    
Bug Blocks: 2044141    

Description Dhananjay Arunesh 2022-01-24 07:04:17 UTC 
Using gnutls with guile disabled, null pointer may passed to memcpy as argument 2, causing null pointer dereference.
Comment 3 Mauro Matteo Cascella 2022-02-16 19:08:53 UTC 
Upstream MR:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1503

Upstream commit:
https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568
Comment 4 Mauro Matteo Cascella 2022-02-16 19:19:41 UTC 
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 2055368]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 2055369]