VDB
ALPINE-CVE-2019-3836
ALPINE-CVE-2019-3836
PUBLISHED
CVSS 7.5 HIGH
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.14 | gnutls | 3.6.6-r0, 2.10.5-r0, 2.10.5-r1 |
| Alpine:v3.21 | gnutls | 0, 2.10.4-r0, 2.10.5-r0 |
| Alpine:v3.11 | gnutls | 3.3.14-r0, 0, 2.10.4-r0 |
| Alpine:v3.17 | gnutls | 0, 2.10.4-r0, 2.10.5-r2 |
| Alpine:v3.22 | gnutls | 3.6.6-r0, 3.6.5-r0, 3.6.4-r0 |
| Alpine:v3.12 | gnutls | 0, 2.10.5-r1, 2.10.5-r2 |
| Alpine:v3.18 | gnutls | 2.10.5-r1, 2.10.5-r2, 2.12.16-r0 |
| Alpine:v3.9 | gnutls | 2.8.6-r3, 3.6.5-r0, 3.6.4-r0 |
| Alpine:v3.8 | gnutls | 3.6.6-r0, 0, 2.10.4-r0 |
| Alpine:v3.13 | gnutls | 2.10.4-r0, 3.6.6-r0, 3.6.5-r0 |
| Alpine:v3.19 | gnutls | 2.6.4-r0, 3.6.6-r0, 3.6.5-r0 |
| Alpine:v3.23 | gnutls | 3.6.6-r0, 2.10.5-r0, 2.10.5-r1 |
| Alpine:v3.16 | gnutls | 0, 2.10.5-r0, 2.10.5-r2 |
| Alpine:v3.15 | gnutls | 2.10.5-r1, 0, 2.10.4-r0 |
| Alpine:v3.20 | gnutls | 3.6.6-r0, 3.6.5-r0, 3.6.4-r0 |
| Alpine:v3.10 | gnutls | 3.6.6-r0, 3.6.5-r0, 3.6.4-r0 |
Timeline
- Apr 1, 2019 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch