CVE-2019-3836
Published: 1 April 2019
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Notes
| Author | Note |
|---|---|
| mdeslaur | 3.6.4 and later |
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
gnutls26 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
gnutls28 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| cosmic |
Released
(3.6.4-2ubuntu1.2)
|
|
| disco |
Released
(3.6.5-2ubuntu1.1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Released
(3.6.7)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6) |
||