cve/2021/CVE-2021-4209.md

### [CVE-2021-4209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4209)
![](https://img.shields.io/static/v1?label=Product&message=GnuTLS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20-%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

### POC

#### Reference
- https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GitHubForSnap/ssmtp-gael
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-4209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4209)`
			`![](https://img.shields.io/static/v1?label=Product&message=GnuTLS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20-%20NULL%20Pointer%20Dereference&color=brighgreen)`

			`### Description`

			`A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.`

			`### POC`

			`#### Reference`
			`- https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/GitHubForSnap/ssmtp-gael`