CVE-2021-4209

moderate-risk

Published 2022-08-24

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (5)

Gnutls

Enterprise Linux

Active Iq Unified Manager

Solidfire \& Hci Management Node

Hci Bootstrap Os

Affected Vendors

Redhat Gnu Netapp

References (12)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4209

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2044156

Patch https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da613005...

Third Party Advisory https://gitlab.com/gnutls/gnutls/-/issues/1306

Third Party Advisory https://gitlab.com/gnutls/gnutls/-/merge_requests/1503

Third Party Advisory https://security.netapp.com/advisory/ntap-20220915-0005/

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4209

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2044156

Patch https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da613005...

Third Party Advisory https://gitlab.com/gnutls/gnutls/-/issues/1306

Third Party Advisory https://gitlab.com/gnutls/gnutls/-/merge_requests/1503

Third Party Advisory https://security.netapp.com/advisory/ntap-20220915-0005/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 12/34 · Low