A flaw was found in GnuTLS. The server can trigger the client to run into a heap buffer overflow if a no_renegotiation alert is sent at an unexpected time. That may cause the client to crash during session deinitialization. Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1071
Acknowledgments: Name: the GnuTLS project
Statement: This issue only affects the TLS 1.3 implementation of GnuTLS, which is available on the GnuTLS 3.6.x branch. Therefore only GnuTLS packages shipped with Red Hat Enterprise Linux 8 are affected by this flaw.
External References: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1875863]
Created gnutls30 tracking bugs for this issue: Affects: epel-6 [bug 1875862]
Created mingw-gnutls tracking bugs for this issue: Affects: fedora-all [bug 1875864]
Reproducer: There is a reproducer available in the upstream bug at: https://gitlab.com/gnutls/gnutls/-/issues/1071 which works with ASAN builds.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5483 https://access.redhat.com/errata/RHSA-2020:5483
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-24659