VDB
CVE-2019-3829
CVE-2019-3829
PUBLISHED
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
EPSS 2.08% · 84.3th percentile
Risk Scores
EPSS Score
2.08%
84.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | gnutls28 | 3.5.17-1ubuntu1, 3.5.17-1ubuntu3, 3.5.18-1ubuntu1 |
Exploit Intelligence
- USN-3999-1 (circl)
- https://security.netapp.com/advisory/ntap-20190619-0004/ (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829 (circl)
- FEDORA-2019-971ded6f90 (circl)
- FEDORA-2019-e8c1cf958f (circl)
- FEDORA-2019-46df367eed (circl)
- GLSA-201904-14 (circl)
- openSUSE-SU-2019:1353 (circl)
- RHSA-2019:3600 (circl)
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 (nist-nvd)
…and 7 more exploits
Timeline
- Mar 27, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3829 third-party-advisory
- https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3999-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3829 third-party-advisory