CVE-2019-3836
published 2019-04-01CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnutls28 | < gnutls28 3.6.7-2 (bookworm) | gnutls28 3.6.7-2 (bookworm) |
| fedoraproject | fedora | — | — |
| gnu | gnutls | >= 3.6.3 < 3.6.7 | 3.6.7 |
| gnutls | gnutls | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH