Описание
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
A flaw was found in the way gnutls handled malformed TLS 1.3 asynchronous messages. An attacker could use this flaw to crash an application compiled with gnutls via invalid pointer access.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 6 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 7 | gnutls | Not affected | ||
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2019:3600 | 05.11.2019 |
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2019:3600 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
It was discovered in gnutls before version 3.6.7 upstream that there i ...
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Уязвимость криптографической библиотеки GnuTLS, связанная с доступом к неинициализированному указателю, позволяющая нарушителю вызвать отказ в обслуживании
5.9 Medium
CVSS3