ID |
CVE-2019-3836
|
Summary |
GnuTLS versions 3.6.3 and later, before upstream version 3.6.7, contain an uninitialized pointer access that can be triggered by certain post-handshake messages. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:gnu:gnutls:3.6.3:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:gnutls:3.6.4:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:gnutls:3.6.5:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:gnutls:3.6.6:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
-
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 30-05-2019 - 16:29) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-824 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | NONE | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1706921 | title | GnuTLS should implement continuous random test or use the kernel AF_ALG interface for random |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 8 is installed | oval | oval:com.redhat.rhba:tst:20193384074 |
OR | AND | comment | gnutls is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600001 |
comment | gnutls is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20120429002 |
|
AND | comment | gnutls-c++ is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600003 |
comment | gnutls-c++ is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20140684004 |
|
AND | comment | gnutls-dane is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600005 |
comment | gnutls-dane is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20140684006 |
|
AND | comment | gnutls-debugsource is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600007 |
comment | gnutls-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20193600008 |
|
AND | comment | gnutls-devel is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600009 |
comment | gnutls-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20120429004 |
|
AND | comment | gnutls-utils is earlier than 0:3.6.8-8.el8 | oval | oval:com.redhat.rhsa:tst:20193600011 |
comment | gnutls-utils is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20120429008 |
|
| rhsa | id | RHSA-2019:3600 | released | 2019-11-05 | severity | Moderate | title | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) |
|
| rpms | - gnutls-0:3.6.8-8.el8
- gnutls-c++-0:3.6.8-8.el8
- gnutls-c++-debuginfo-0:3.6.8-8.el8
- gnutls-dane-0:3.6.8-8.el8
- gnutls-dane-debuginfo-0:3.6.8-8.el8
- gnutls-debuginfo-0:3.6.8-8.el8
- gnutls-debugsource-0:3.6.8-8.el8
- gnutls-devel-0:3.6.8-8.el8
- gnutls-utils-0:3.6.8-8.el8
- gnutls-utils-debuginfo-0:3.6.8-8.el8
|
|
refmap
via4
|
confirm | | fedora | FEDORA-2019-46df367eed | gentoo | GLSA-201904-14 | suse | openSUSE-SU-2019:1353 | ubuntu | USN-3999-1 |
|
Last major update |
30-05-2019 - 16:29 |
Published |
01-04-2019 - 15:29 |
Last modified |
30-05-2019 - 16:29 |