DEBIAN-CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

ALPINE-CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

Null pointer dereference

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

CVE-2019-3836

GNUTLS CVE-2019-3836: uninitialized/invalid pointer access in post-handshake message handling (TLS1.3 async messages) on versions prior to 3.6.7. Remote attacker can cause crash/Denial of Service; may enable arbitrary code execution per related advisories. Remediation: upgrade to GNUTLS 3.6.7 or ...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

Fedora 29 : gnutls (2019-e8c1cf958f)

Update to upstream release 3.6.7 Security fix for CVE-2019-3836 and CVE-2019-3829 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

GnuTLS Null Pointer Dereference Vulnerability

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A null pointer dereference vulnerability exists in GnuTLS. An attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information by means of asynchronous messages in the...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...

[SECURITY] Fedora 29 Update: gnutls-3.6.7-1.fc29

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

[SECURITY] Fedora 30 Update: gnutls-3.6.7-1.fc30

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

gnutls verify_crt() memory corruption vulnerability

GnuTLS is a secure communications library that implements the SSL, TLS, and DTLS protocols and technologies surrounding them. A memory corruption vulnerability exists in gnutls verifycrt. An attacker can exploit this vulnerability to conduct malicious attacks...

gnutls double release vulnerability

GnuTLS is a free software implementation of the TLS, SSL and DTLS protocols. A double release vulnerability exists in the certificate validation API of gnutls. No detailed vulnerability details are provided at this time...

gnutls 3.6.6 - verify_crt() Use-After-Free Exploit

gnutls 3.6.6 - verifycrt Use-After-Free Exploit Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is...

Slackware 14.2 / current : gnutls (SSA:2019-086-01)

New gnutls packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-086-01. The text itself is copyright C Slackware Linux, Inc...

gnutls 3.6.6 - verify_crt() Use-After-Free

gnutls 3.6.6 - verifycrt Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...

gnutls 3.6.6 - 'verify_crt()' Use-After-Free

Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely affected and can be compromised by a...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnutls-3.6.7-i586-1slack14.2.txz: Upgraded. Fixes security issues: libgnutls, gnutls tools: Every gnutlsfree will automatically set th...