CVE-2019-3829

Published: Mar 27, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

Affected (2)

Products: Gnu: Gnutls · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	From 3.5.8 to 3.6.7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	All versions

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:3600

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://gitlab.com/gnutls/gnutls/issues/694

Source: secalert@redhat.com

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201904-14

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20190619-0004/

Source: secalert@redhat.com

https://usn.ubuntu.com/3999-1/

Source: secalert@redhat.com

https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

Source: secalert@redhat.com

ExploitPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:3600

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://gitlab.com/gnutls/gnutls/issues/694

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201904-14

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20190619-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3999-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.