Bug 775338 (CVE-2021-20231, CVE-2021-20232, GNUTLS-SA-2021-03-10) - ~net-libs/gnutls-3.7.1: Use-after-free in key_share, pre_shared_key extensions (CVE-2021-{20231,20232})
Status: RESOLVED FIXED
Alias: CVE-2021-20231, CVE-2021-20232, GNUTLS-SA-2021-03-10
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.gnutls.org/security-new.h...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-11 05:14 UTC by Sam James
Modified: 2021-03-28 06:08 UTC (History)

See Also:
Package list:
net-libs/gnutls-3.7.1 *
Runtime testing required: ---
nattka: sanity-check+


Description Sam James archtester gentoo-dev Security 2021-03-11 05:14:20 UTC
From release notes of 3.7.1:

** libgnutls: Fixed potential use-after-free in sending "key_share"
   and "pre_shared_key" extensions. When sending those extensions, the
   client may dereference a pointer no longer valid after
   realloc. This happens only when the client sends a large Client
   Hello message, e.g., when HRR is sent in a resumed session
   previously negotiated large FFDHE parameters, because the initial
   allocation of the buffer is large enough without having to call
   realloc (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]
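
The release note above describes a pointer into a buffer being used after realloc has moved that buffer. As an added illustration (not GnuTLS code and not part of this bug report), the C below shows the pattern next to an offset-based form; `struct buf`, `buf_append`, `put_ext_stale`, `put_ext_offset` and the two-byte length prefix are hypothetical names and layout chosen for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct buf { uint8_t *data; size_t len, cap; };  /* hypothetical handshake buffer */

/* Append n bytes; realloc may move b->data whenever capacity runs out. */
int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > b->cap - b->len) {
        if (n > SIZE_MAX - b->len) return -1;
        uint8_t *p = realloc(b->data, b->len + n);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = b->len + n;
    }
    if (n > 0) memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* BUGGY: lenp goes stale if the second append reallocates the buffer. */
int put_ext_stale(struct buf *b, const uint8_t *body, size_t n)
{
    if (n > 0xffff || buf_append(b, "\0\0", 2) < 0) return -1;
    uint8_t *lenp = b->data + b->len - 2;
    if (buf_append(b, body, n) < 0) return -1;
    lenp[0] = (uint8_t)(n >> 8);      /* use-after-free if data moved */
    lenp[1] = (uint8_t)(n & 0xff);
    return 0;
}

/* FIXED: keep an offset and re-derive the address after the append. */
int put_ext_offset(struct buf *b, const uint8_t *body, size_t n)
{
    if (n > 0xffff || buf_append(b, "\0\0", 2) < 0) return -1;
    size_t off = b->len - 2;
    if (buf_append(b, body, n) < 0) return -1;
    b->data[off] = (uint8_t)(n >> 8);
    b->data[off + 1] = (uint8_t)(n & 0xff);
    return 0;
}

int main(void)
{
    uint8_t body[300] = {0};          /* constructed payload, forces a realloc */
    struct buf b = {0};
    int rc = put_ext_offset(&b, body, sizeof body);
    free(b.data);
    return rc < 0;
}
```

The stale-pointer version behaves correctly whenever the buffer already has enough capacity, which is why this class of bug tends to surface only with unusually large messages; building test suites with AddressSanitizer and exercising large inputs is a practical way to catch it.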
Comment 1 Sam James archtester gentoo-dev Security 2021-03-28 05:42:44 UTC
Ping
Comment 2 Thomas Deutschmann gentoo-dev Security 2021-03-28 06:06:08 UTC
Only 3.7.x is affected which isn't stable.
Comment 3 Larry the Git Cow gentoo-dev 2021-03-28 06:08:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42cb2c95be07553ccb6c28c1634e8b64602c3fe1

commit 42cb2c95be07553ccb6c28c1634e8b64602c3fe1
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-03-28 06:07:24 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-03-28 06:08:22 +0000

    net-libs/gnutls: drop vulnerable version
    
    Bug: https://bugs.gentoo.org/775338
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/gnutls/Manifest                           |   1 -
 ...nutls-3.7.0-ignore-duplicate-certificates.patch | 403 ---------------------
 net-libs/gnutls/gnutls-3.7.0-r1.ebuild             | 139 -------
 3 files changed, 543 deletions(-)
Comment 4 Thomas Deutschmann gentoo-dev Security 2021-03-28 06:08:49 UTC
Repository is clean, all done.