Vulnerability Description
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gnutls | >= 3.6.3, < 3.7.1 |
| Redhat | Enterprise Linux | 8.0 |
| Fedoraproject | Fedora | 34 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | E-Series Performance Analyzer | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922276 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63
- https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da8
- https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a
- https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e25405645972
- https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31
- https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320
- https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5f
- https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20210416-0005/ (Third Party Advisory)
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 (Exploit, Vendor Advisory)
FAQ
What is CVE-2021-20231?
CVE-2021-20231 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
How severe is CVE-2021-20231?
CVE-2021-20231 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20231?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls, Redhat Enterprise Linux, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp E-Series Performance Analyzer.