CVE-2019-3836

CWE-456 | CWE-824 | 9 documents | 8 sources
Severity: 7.5 HIGH
EPSS: 0.4% (top 41.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1 | Latest update May 14

Description

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

NVD | gnu/gnutls | 3.6.3 | 3.6.7
Debian | gnutls28 | < 3.6.7-2 | +3
CVEListV5 | gnutls/gnutls | fixed in gnutls 3.6.7
NVD | opensuse/leap | 15.0

Also affects: Fedora 28

🔴 Vulnerability Details (3)

GHSA | GHSA-fqw6-7w7w-627p: It was discovered in gnutls before version 3 | 2022-05-14
CVEList | CVE-2019-3836: It was discovered in gnutls before version 3 | 2019-04-01
OSV | CVE-2019-3836: It was discovered in gnutls before version 3 | 2019-04-01

📋 Vendor Advisories (3)

Ubuntu | GnuTLS vulnerabilities | 2019-05-30
Red Hat | gnutls: invalid pointer access upon receiving async handshake messages | 2019-03-27
Debian | CVE-2019-3836: gnutls28 - It was discovered in gnutls before version 3.6.7 upstream that there is an unini... | 2019

💬 Community (2)

Bugzilla | CVE-2019-3836 gnutls: invalid pointer access upon receiving async handshake messages [fedora-all] | 2019-03-27
Bugzilla | CVE-2019-3836 gnutls: invalid pointer access upon receiving async handshake messages | 2019-02-18
CVE-2019-3836 (HIGH CVSS 7.5) | It was discovered in gnutls before | cvebase.io