Bug 1922276 (CVE-2021-20231) - CVE-2021-20231 gnutls: Use after free in client key_share extension
Summary: CVE-2021-20231 gnutls: Use after free in client key_share extension
Keywords:
Status: NEW
Alias: CVE-2021-20231
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1927596 1927597 1938148 1927598 1938147
Blocks: 1922277 1926232
TreeView+ depends on / blocked
 
Reported: 2021-01-29 15:18 UTC by Pedro Sampaio
Modified: 2021-04-27 01:04 UTC (History)
16 users (show)

Fixed In Version: gnutls 3.7.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2021-01-29 15:18:30 UTC
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Comment 3 Huzaifa S. Sidhpurwala 2021-03-12 09:49:56 UTC
External References:

https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10

Comment 4 Huzaifa S. Sidhpurwala 2021-03-12 09:55:03 UTC
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1938147]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1938148]

Comment 5 Huzaifa S. Sidhpurwala 2021-03-12 10:07:17 UTC
Acknowledgments:

Name: GnuTLS project

Comment 6 Huzaifa S. Sidhpurwala 2021-03-12 10:12:16 UTC
Upstream commit: https://gitlab.com/gnutls/gnutls/-/commit/15beb4b193b2714d88107e7dffca781798684e7e

Comment 7 Clara Gibbs 2021-04-27 01:04:49 UTC
Use after free in client key share extension, With the help of this extension you can easily get client free key extension. I need to choose the most of the best https://www.superiorpapers.com/ extension but due to daily updation we never stay on one we have to change it according to your own requirnments.


Note You need to log in before you can comment on or make changes to this bug.