An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gnutls | Gnu | * | 3.6.15 (excluding) |
Gnutls28 | Ubuntu | devel | * |
Gnutls28 | Ubuntu | focal | * |
Gnutls28 | Ubuntu | trusty | * |
Gnutls28 | Ubuntu | upstream | * |
Red Hat Enterprise Linux 8 | RedHat | gnutls-0:3.6.14-7.el8_3 | * |