PublicDateAtUSN: 2021-03-12 19:15:00 UTC
Candidate: CVE-2021-20232
PublicDate: 2021-03-12 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232
 https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
 https://ubuntu.com/security/notices/USN-5029-1
Description:
 A flaw was found in gnutls. A use after free issue in client_send_params in
 lib/ext/pre_shared_key.c may lead to memory corruption and other potential
 consequences.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://gitlab.com/gnutls/gnutls/-/issues/1151
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_gnutls28:
 upstream: https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3
upstream_gnutls28: released (3.7.1-1)
precise/esm_gnutls28: DNE
trusty_gnutls28: ignored (out of standard support)
trusty/esm_gnutls28: DNE
xenial_gnutls28: not-affected (code not present)
esm-infra/xenial_gnutls28: not-affected (code not present)
bionic_gnutls28: not-affected (code not present)
focal_gnutls28: released (3.6.13-2ubuntu1.6)
groovy_gnutls28: ignored (reached end-of-life)
hirsute_gnutls28: not-affected (3.7.1-3ubuntu1)
impish_gnutls28: not-affected (3.7.1-4ubuntu1)
jammy_gnutls28: not-affected (3.7.1-4ubuntu1)
devel_gnutls28: not-affected (3.7.1-4ubuntu1)