exploitDog

CVE-2019-3829

Published: 27 Mar 2019
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

A double free flaw was found in the way the certificate verification API was implemented for gnutls. An attacker could cause a client or server application compiled against gnutls to crash by parsing a specially-crafted certificate.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gnutls | Not affected | | |
| Red Hat Enterprise Linux 6 | gnutls | Not affected | | |
| Red Hat Enterprise Linux 7 | gnutls | Not affected | | |
| Red Hat OpenShift Enterprise 3 | gnutls | Not affected | | |
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2019:3600 | 05.11.2019 |

Additional information

Status: Moderate
Weakness: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1677048 gnutls: use-after-free/double-free in certificate verification

EPSS

Percentile: 84%
0.02082
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 5.3
nvd
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 5.3
debian
almost 7 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. ...

CVSS3: 7.5
github
more than 3 years ago

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS3: 7.5
fstec
almost 7 years ago

A vulnerability in the GnuTLS cryptographic library caused by a double free of memory, allowing an attacker to cause a denial of service
