Your submission was sent successfully! Close

CVE-2019-3836

Published: 1 April 2019

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Notes

AuthorNote
mdeslaur
3.6.4 and later
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Does not exist

gnutls28
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
cosmic
Released (3.6.4-2ubuntu1.2)
disco
Released (3.6.5-2ubuntu1.1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (3.6.7)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6)