exploitDog

CVE-2019-3829

Published: 27 Mar 2019
Source: debian
EPSS: Low

Description

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

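Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| gnutls28 | fixed | 3.6.7-1 | experimental | package |
| gnutls28 | fixed | 3.6.7-2 | | package |
| gnutls28 | fixed | 3.5.8-5+deb9u5 | stretch | package |
| gnutls28 | not-affected | | jessie | package |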

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=1677048

  • https://gitlab.com/gnutls/gnutls/issues/694

  • Fixed by: https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0

  • Fixed by: https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392

  • Fixed by: https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6

  • Test: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b

  • https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

  • Upstream versions affected are from 3.5.8 and before 3.6.7.

EPSS

Percentile: 84%
Score: 0.02082
Rating: Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 5.3
redhat
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 5.3
nvd
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 7.5
github
more than 3 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 7.5
fstec
almost 7 years ago

A vulnerability in the GnuTLS cryptographic library, caused by a double free of memory, that allows an attacker to cause a denial of service
