<p>Upgrade <code>Alpine:3.8</code> <code>gnutls</code> to version 3.6.7-r0 or higher.</p>

Double Free Affecting gnutls package, versions <3.6.7-r0

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.93% (83^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-ALPINE38-GNUTLS-344673
published 27 Mar 2019
disclosed 27 Mar 2019

Report a new vulnerability Found a mistake?

Introduced: 27 Mar 2019

CVE-2019-3829 Open this link in a new tab CWE-415 Open this link in a new tab CWE-416 Open this link in a new tab

How to fix?

Upgrade Alpine:3.8 gnutls to version 3.6.7-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls package and not the gnutls package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.