CVE-2019-3829

MEDIUM

GnuTLS 3.5.8-3.6.6 - Memory Corruption via Certificate Verification API

Description

A vulnerability was found in GnuTLS versions from 3.5.8 before 3.6.7: a memory corruption (double free) in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

References (11)

Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://gitlab.com/gnutls/gnutls/issues/694
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201904-14
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3999-1/
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190619-0004/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3600

Scores

CVSS v3 5.3
EPSS 0.0208
EPSS Percentile 84.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE CWE-415, CWE-416
Status published
Products (2)
fedoraproject/fedora
gnu/gnutls 3.5.8 - 3.6.7
Published Mar 27, 2019
Tracked Since Feb 18, 2026