gnutls: Multiple vulnerabilities (CVE-2021-20231, CVE-2021-20232)
CVE-2021-20231: Use after free in client key_share extension
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Fixed In Version:
gnutls 3.7.1
References:
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://nvd.nist.gov/vuln/detail/CVE-2021-20231
CVE-2021-20232: Use after free in client_send_params in lib/ext/pre_shared_key.c
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Fixed In Version:
gnutls 3.7.1
References:
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://nvd.nist.gov/vuln/detail/CVE-2021-20232