{"containers": {"cna": {"affected": [{"product": "GnuTLS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in gnutls v3.7.3"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 - NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T17:06:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-4209"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GnuTLS", "version": {"version_data": [{"version_value": "Fixed in gnutls v3.7.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476 - NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/gnutls/gnutls/-/issues/1306", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"}, {"name": "https://access.redhat.com/security/cve/CVE-2021-4209", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-4209"}, {"name": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"}, {"name": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"}, {"name": "https://security.netapp.com/advisory/ntap-20220915-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220915-0005/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:04.444Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-4209"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4209", "datePublished": "2022-08-24T15:07:31", "dateReserved": "2022-01-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.444Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7F5A2FE-408A-4E36-BC95-40E502C06682", "versionEndExcluding": "3.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "84574629-EB00-4235-8962-45070F3C9F6A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."}, {"lang": "es", "value": "Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualizaci\u00f3n de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. Este fallo conlleva a una denegaci\u00f3n de servicio tras la autenticaci\u00f3n en raras circunstancias."}], "id": "CVE-2021-4209", "lastModified": "2022-10-27T16:57:33.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-24T16:15:09.927", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-4209"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "GnuTLS: Null pointer dereference in MD_UPDATE", "id": "2044156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2021-4209", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-12-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4209\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4209"], "statement": "According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.", "threat_severity": "Low", "upstream_fix": "gnutls 3.7.3"}