CVE-2019-3829
gnutls: use-after-free/double-free in certificate verification
Public Exploits: 2
Exploited in Wild: -
Descriptions
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7: a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
A double free flaw was found in the way the certificate verification API was implemented for gnutls. An attacker could cause a client or server application compiled against gnutls to crash by parsing a specially-crafted certificate.
SSVC
- Decision: -
Timeline
- 2019-01-03 CVE Reserved
- 2019-03-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
References (13)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829 | Issue Tracking | |
https://security.netapp.com/advisory/ntap-20190619-0004 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
https://gitlab.com/gnutls/gnutls/issues/694 | 2024-08-04 | |
https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Gnutls | >= 3.5.8 < 3.6.7 | - | Affected |
Fedoraproject | Fedora | - | - | Affected |