gnutls package may be vulnerable to CVE-2021-20232

From: Léo Le Bouter
Subject: gnutls package may be vulnerable to CVE-2021-20232
Date: Sat, 13 Mar 2021 02:25:14 +0100
User-agent: Evolution 3.34.2

CVE-2021-20232  12.03.21 20:15
A flaw was found in gnutls. A use after free issue in
client_send_params in lib/ext/pre_shared_key.c may lead to memory
corruption and other potential consequences.

It is not certain whether the 3.6.x series is affected as packaged in GNU
Guix. I asked the upstream at <>. Let's
wait for an answer, or then apply/backport this commit (
) to the 3.6.x series.

A rather low-impact vulnerability, upstream says, but I would be careful
there, as an experienced exploit writer could find reliable ways to
exploit it, in my opinion.

Let's patch this as soon as possible!
