Double Free in gnutls28

Do your applications use this vulnerable package? Test your applications

Overview

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

References

CONFIRM
CONFIRM
CVE Details
Debian Security Tracker
Fedora Security Update
Fedora Security Update
Fedora Security Update
Gentoo Security Advisory
MISC
OpenSuse Security Announcement
REDHAT
RedHat Bugzilla Bug
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-3829
CWE: CWE-415 CWE-416
Snyk ID: SNYK-DEBIAN9-GNUTLS28-341661
Disclosed: 27 Mar, 2019
Published: 27 Mar, 2019

Double Free
Affecting gnutls28 package, versions <3.5.8-5+deb9u5

Overview

References

CVSS Score

Double Free Affecting gnutls28 package, versions <3.5.8-5+deb9u5

Overview

References

Double Free
Affecting gnutls28 package, versions <3.5.8-5+deb9u5