OESA-2021-1046

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1046
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1046.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2021-1046
Upstream
Published
2021-03-05T11:02:38Z
Modified
2025-09-03T06:17:03.678147Z
Summary
gnutls security update
Details

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.

Security Fix(es):

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. (CVE-2020-24659)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS / gnutls

Package

Name
gnutls
Purl
pkg:rpm/openEuler/gnutls&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.14-6.oe1

Ecosystem specific

{
    "src": [
        "gnutls-3.6.14-6.oe1.src.rpm"
    ],
    "x86_64": [
        "gnutls-devel-3.6.14-6.oe1.x86_64.rpm",
        "gnutls-3.6.14-6.oe1.x86_64.rpm",
        "gnutls-debuginfo-3.6.14-6.oe1.x86_64.rpm",
        "gnutls-debugsource-3.6.14-6.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "gnutls-devel-3.6.14-6.oe1.aarch64.rpm",
        "gnutls-debugsource-3.6.14-6.oe1.aarch64.rpm",
        "gnutls-debuginfo-3.6.14-6.oe1.aarch64.rpm",
        "gnutls-3.6.14-6.oe1.aarch64.rpm"
    ],
    "noarch": [
        "gnutls-help-3.6.14-6.oe1.noarch.rpm"
    ]
}