Vulnerability Details CVE-2019-3829
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- https://access.redhat.com/errata/RHSA-2019:3600
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829
- https://gitlab.com/gnutls/gnutls/issues/694
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
- https://security.gentoo.org/glsa/201904-14
- https://security.netapp.com/advisory/ntap-20190619-0004/
- https://usn.ubuntu.com/3999-1/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- https://access.redhat.com/errata/RHSA-2019:3600
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829
- https://gitlab.com/gnutls/gnutls/issues/694
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
- https://security.gentoo.org/glsa/201904-14
- https://security.netapp.com/advisory/ntap-20190619-0004/
- https://usn.ubuntu.com/3999-1/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
Products affected by CVE-2019-3829
-
cpe:2.3:a:gnu:gnutls:3.5.10
-
cpe:2.3:a:gnu:gnutls:3.5.11
-
cpe:2.3:a:gnu:gnutls:3.5.12
-
cpe:2.3:a:gnu:gnutls:3.5.13
-
cpe:2.3:a:gnu:gnutls:3.5.14
-
cpe:2.3:a:gnu:gnutls:3.5.15
-
cpe:2.3:a:gnu:gnutls:3.5.16
-
cpe:2.3:a:gnu:gnutls:3.5.17
-
cpe:2.3:a:gnu:gnutls:3.5.18
-
cpe:2.3:a:gnu:gnutls:3.5.19
-
cpe:2.3:a:gnu:gnutls:3.5.8
-
cpe:2.3:a:gnu:gnutls:3.5.9
-
cpe:2.3:a:gnu:gnutls:3.6.0
-
cpe:2.3:a:gnu:gnutls:3.6.1
-
cpe:2.3:a:gnu:gnutls:3.6.2
-
cpe:2.3:a:gnu:gnutls:3.6.3
-
cpe:2.3:a:gnu:gnutls:3.6.4
-
cpe:2.3:a:gnu:gnutls:3.6.5
-
cpe:2.3:a:gnu:gnutls:3.6.6
-
cpe:2.3:o:fedoraproject:fedora:-