CVE-2021-4209

2022-08-2416:15:09

CWE-476

[email protected]

web.nvd.nist.gov

gnutls

null pointer

denial of service

authentication

nettle's hash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.9%

JSON

A NULL pointer dereference flaw was found in GnuTLS. As Nettle’s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Affected configurations

Nvd

Node

gnugnutlsRange<3.7.3

Node

redhatenterprise_linuxMatch8.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappsolidfire_\&_hci_management_nodeMatch-

Node

netapphci_bootstrap_osMatch-

AND

netapphci_compute_nodeMatch-

VendorProductVersionCPE
gnugnutls*cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappsolidfire_\&_hci_management_node-cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
netapphci_bootstrap_os-cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	*	cpe:2.3:a:gnu:gnutls::::::::
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	solidfire_\&_hci_management_node	-	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
netapp	hci_bootstrap_os	-	cpe:2.3:a:netapp:hci_bootstrap_os:-:::::::*
netapp	hci_compute_node	-	cpe:2.3:h:netapp:hci_compute_node:-:::::::*