CVEs-PoC/2021/CVE-2021-4209.md

### [CVE-2021-4209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4209)
![](https://img.shields.io/static/v1?label=Product&message=GnuTLS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20-%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

### POC

#### Reference
- https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GitHubForSnap/ssmtp-gael