A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.0.11+really2.12.23-12ubuntu2.8" }, { "binary_name": "libgnutls-dev", "binary_version": "2.12.23-12ubuntu2.8" }, { "binary_name": "libgnutls-openssl27", "binary_version": "2.12.23-12ubuntu2.8" }, { "binary_name": "libgnutls26", "binary_version": "2.12.23-12ubuntu2.8" }, { "binary_name": "libgnutlsxx27", "binary_version": "2.12.23-12ubuntu2.8" } ] }
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "guile-gnutls", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls-dev", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls30", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.4.10-4ubuntu1.9+esm1" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-dane0", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls30", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.5.18-1ubuntu1.6" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "guile-gnutls", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-dane0", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls30", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.6.13-2ubuntu1.7" } ], "availability": "No subscription required" }