CVE-2019-3829

gnutls: use-after-free/double-free in certificate verification

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

Se ha descubierto una vulnerabilidad en gnutls, desde la versión 3.5.8 hasta antes de la 3.6.7. Hay una vulnerabilidad de corrupción de memoria (doble liberación o "double free") en la API de verificación de certificados. Cualquier aplicación cliente o servidor que verifica certificados X.509 con GnuTLS en versiones 3.5.8 o posteriores se ha visto afectada.

A double free flaw was found in the way the certificate verification API was implemented for gnutls. An attacker could cause a client or server application compiled against gnutls to crash by parsing a specially-crafted certificate.

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-03 CVE Reserved
2019-03-27 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2025-06-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-415: Double Free
CWE-416: Use After Free

CAPEC

References (13)

URL	Tag	Source
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829	Issue Tracking
https://security.netapp.com/advisory/ntap-20190619-0004	X_refsource_confirm

URL	Date	SRC
https://gitlab.com/gnutls/gnutls/issues/694	2024-08-04
https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27	2024-08-04

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html	2023-11-07
https://access.redhat.com/errata/RHSA-2019:3600	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU	2023-11-07
https://security.gentoo.org/glsa/201904-14	2023-11-07
https://usn.ubuntu.com/3999-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-3829	2019-11-05
https://bugzilla.redhat.com/show_bug.cgi?id=1677048	2019-11-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Gnutls Search vendor "Gnu" for product "Gnutls"				>= 3.5.8 < 3.6.7 Search vendor "Gnu" for product "Gnutls" and version " >= 3.5.8 < 3.6.7"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				-		-		Affected