CVE-2019-3836
PUBLISHED
CVSS 5.9 MEDIUM
An uninitialized pointer access was discovered in upstream gnutls versions 3.6.3 or later, before version 3.6.7, which can be triggered by certain post-handshake messages.
EPSS 0.73% · 73.1th percentile
Risk Scores
CVSS 3.0
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.73%
73.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 28 |
| gnutls | gnutls | fixed in gnutls 3.6.7 |
| opensuse | leap | 15.0 |
| gnu | gnutls | 3.6.3 |
Exploit Intelligence
- USN-3999-1 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836 (circl)
- FEDORA-2019-46df367eed (circl)
- GLSA-201904-14 (circl)
- https://security.netapp.com/advisory/ntap-20190502-0005/ (circl)
- openSUSE-SU-2019:1353 (circl)
- RHSA-2019:3600 (circl)
- https://gitlab.com/gnutls/gnutls/issues/704 (nist-nvd)
- glcve_test.go (github-poc)
- glcve_test.go (github-poc)
…and 3 more exploits
Timeline
- Apr 1, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836 url
- https://gitlab.com/gnutls/gnutls/issues/704 url
- FEDORA-2019-46df367eed vendor-advisory
- GLSA-201904-14 vendor-advisory
- https://security.netapp.com/advisory/ntap-20190502-0005/ url
- openSUSE-SU-2019:1353 vendor-advisory
- USN-3999-1 vendor-advisory
- RHSA-2019:3600 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-3836 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN url
- https://security.netapp.com/advisory/ntap-20190502-0005 url
- https://usn.ubuntu.com/3999-1 url