CVE-2019-3836
Published: 1 April 2019
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Notes
Author | Note |
---|---|
mdeslaur | 3.6.4 and later |
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
gnutls26 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
gnutls28 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
cosmic |
Released
(3.6.4-2ubuntu1.2)
|
|
disco |
Released
(3.6.5-2ubuntu1.1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Released
(3.6.7)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6) |