Unrated severityNVD Advisory· Published Apr 1, 2019· Updated Aug 4, 2024

CVE-2019-3836

Description

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Affected products

Free Software Foundation Inc./Gnutlsv5
Range: fixed in gnutls 3.6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:3600mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/201904-14mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3999-1/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
gitlab.com/gnutls/gnutls/issues/704mitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20190502-0005/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000