CVE-2019-3829

CWE-416 — Use After Free CWE-41512 documents8 sources

Severity

7.5HIGH

EPSS

2.1%

top 16.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnutls Gnutls Gnutls

Timeline

PublishedMar 27

Latest updateMay 14

Description

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDgnu/gnutls3.5.8 — 3.6.7

▶Debiangnutls28< 3.6.7-2+3

▶CVEListV5gnutls/gnutlsaffected from 3.5.8, fixed in 3.6.7+1

Patches

Patch: gitlab.com ↗Patch: www.gnutls.org ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-mm54-95hq-f739: A vulnerability was found in gnutls versions from 3↗2022-05-14

▶

OSV

gnutls28 vulnerabilities↗2019-05-30

▶

OSV

CVE-2019-3829: A vulnerability was found in gnutls versions from 3↗2019-03-27

▶

CVEList

CVE-2019-3829: A vulnerability was found in gnutls versions from 3↗2019-03-27

▶

📋Vendor Advisories

Ubuntu

GnuTLS vulnerabilities↗2019-05-30

▶

Red Hat

gnutls: use-after-free/double-free in certificate verification↗2019-03-27

▶

Debian

CVE-2019-3829: gnutls28 - A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory c...↗2019

▶

💬Community

Bugzilla

CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation↗2019-08-22

▶

Bugzilla

CVE-2019-3829 gnutls: use-after-free/double-free in certificate verification [fedora-all]↗2019-03-27

▶

Bugzilla

CVE-2019-3829 mingw-gnutls: gnutls: use-after-free/double-free in certificate verification [fedora-all]↗2019-03-27

▶

Bugzilla

CVE-2019-3829 gnutls: use-after-free/double-free in certificate verification↗2019-02-13

▶