Vulnerability Name:

CVE-2019-3829 (CCN-158693)

Assigned:2019-02-04
Published:2019-02-04
Updated:2019-05-30
Summary:A vulnerability was found in GnuTLS versions from 3.5.8 before 3.6.7: a memory corruption (double free) in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 up to and including 3.6.6 is affected; the issue is fixed in GnuTLS 3.6.7 (GNUTLS-SA-2019-03-27).
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-415
CWE-416
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2019-3829

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:1353

Source: REDHAT
Type: UNKNOWN
RHSA-2019:3600

Source: CCN
Type: Google Security Research Issue 1772
gnutls: use after free vulnerability in verify_crt()

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829

Source: XF
Type: UNKNOWN
gnutls-cve20193829-priv-esc(158693)

Source: CONFIRM
Type: Exploit, Patch, Third Party Advisory
https://gitlab.com/gnutls/gnutls/issues/694

Source: FEDORA
Type: UNKNOWN
FEDORA-2019-46df367eed

Source: FEDORA
Type: UNKNOWN
FEDORA-2019-e8c1cf958f

Source: FEDORA
Type: UNKNOWN
FEDORA-2019-971ded6f90

Source: CCN
Type: Packet Storm Security [03-27-2019]
GnuTLS verify_crt() Use-After-Free

Source: GENTOO
Type: UNKNOWN
GLSA-201904-14

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20190619-0004/

Source: UBUNTU
Type: UNKNOWN
USN-3999-1

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-28-2019]

Source: CCN
Type: GnuTLS Security Advisories Web site
GNUTLS-SA-2019-03-27

Source: MISC
Type: Exploit, Patch, Vendor Advisory
https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-3829

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:gnutls:*:*:*:*:*:*:*:* (Version >= 3.5.8 and < 3.6.7)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:-:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:gnutls:3.6.6:*:*:*:*:*:*:*

  * Denotes that component is vulnerable
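Configuration 1 above is an upstream version range, [3.5.8, 3.6.7). The following added example (not from this record and not GnuTLS project code) checks a version string against that range. It accepts plain versions, tool banners, and package names carrying a distro release suffix such as the openSUSE gnutls-3.6.7-14.10.2 entries in the OVAL table on this page; the local-probe helper assumes pkg-config and/or gnutls-cli are on PATH, and the sample inputs in the demo are constructed. The caveat a practitioner needs: distributions that backport the fix (the USN, RHSA, Fedora and openSUSE updates under References) keep the upstream version number, so a match here means "consult the distro advisory or OVAL definition", not "confirmed vulnerable".

```python
"""Check a GnuTLS version string against the CVE-2019-3829 range [3.5.8, 3.6.7).

Added example for this record (not GnuTLS project code). The range comes from the
CPE entry above; the local probe assumes pkg-config and/or gnutls-cli are on PATH.
"""
import re
import subprocess

VULN_FROM = (3, 5, 8)   # Version >= 3.5.8 (first affected upstream release)
FIXED_IN = (3, 6, 7)    # Version <  3.6.7 (first fixed upstream release)


def upstream_version(text):
    """Extract the leading dotted-numeric upstream version as a tuple of ints.

    Works for plain versions ('3.6.6'), tool banners ('gnutls-cli 3.6.6') and
    package names with a distro release suffix ('gnutls-3.6.7-14.10.2', as in the
    openSUSE OVAL titles on this page). The first dotted number is taken as the
    upstream version; a following '-release' part is ignored.
    """
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(part) for part in m.group(0).split("."))


def in_cve_2019_3829_range(text):
    """True if the *upstream* version is in [3.5.8, 3.6.7).

    Caveat: distributions backport fixes without bumping the upstream version
    (e.g. the USN, RHSA, Fedora and openSUSE updates referenced on this page), so
    True means 'check the distro advisory / OVAL definition', not 'vulnerable'.
    """
    return VULN_FROM <= upstream_version(text) < FIXED_IN


def installed_gnutls_version():
    """Best-effort probe of the local GnuTLS version (assumes the tools are on PATH).
    Returns the first output line of `pkg-config --modversion gnutls` or
    `gnutls-cli --version`, or None if neither is available."""
    for cmd in (["pkg-config", "--modversion", "gnutls"], ["gnutls-cli", "--version"]):
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
        except (OSError, subprocess.SubprocessError):
            continue
        if proc.returncode == 0 and proc.stdout.strip():
            return proc.stdout.strip().splitlines()[0]
    return None


if __name__ == "__main__":
    # Constructed sample inputs around the range boundaries (not real fixed NEVRs).
    for s in ("3.5.7", "3.5.8", "3.6.6", "3.6.7", "gnutls-3.6.7-14.10.2",
              "gnutls-cli 3.6.6", "libgnutls30 3.5.18-1ubuntu1"):
        print("%-30s upstream range match: %s" % (s, in_cve_2019_3829_range(s)))
    local = installed_gnutls_version()
    if local is not None:
        print("local GnuTLS: %s -> match: %s" % (local, in_cve_2019_3829_range(local)))
```

The constructed "libgnutls30 3.5.18-1ubuntu1" line illustrates the caveat: Ubuntu 18.04 shipped a 3.5.x GnuTLS, so any 3.5.18 package matches the upstream range, and only the package release (compared against the fixed version named in USN-3999-1) tells whether the backported fix is present.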
Oval Definitions (Class: V = vulnerability definition, P = patch definition)
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20193829 | V | CVE-2019-3829 | 2023-06-22
oval:org.opensuse.security:def:7512 | P | gnutls-3.7.3-150400.4.35.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:666 | P | Security update for u-boot (Important) | 2022-08-03
oval:org.opensuse.security:def:3172 | P | libfreebl3-3.45-58.31.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3160 | P | libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:2937 | P | gnutls-3.7.3-150400.2.12 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94567 | P | gnutls-3.7.3-150400.2.12 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:70 | P | gnutls-3.6.7-14.10.2 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:366 | P | swtpm-0.5.3-150300.3.3.1 on GA media (Moderate) | 2022-06-10
oval:org.opensuse.security:def:100435 | P | (Important) | 2022-03-14
oval:org.opensuse.security:def:999 | P | Security update for containerd (Moderate) | 2022-03-04
oval:org.opensuse.security:def:112326 | P | gnutls-3.7.2-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:70853 | P | Security update for apache2 (Important) (in QA) | 2022-01-10
oval:org.opensuse.security:def:1293 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:69758 | P | Security update for ruby2.5 (Important) | 2021-12-01
oval:org.opensuse.security:def:105847 | P | Security update for containerd, docker, runc (Important) | 2021-10-25
oval:org.opensuse.security:def:49454 | P | Security update for python3 (Moderate) | 2021-10-20
oval:org.opensuse.security:def:49299 | P | Security update for python-urllib3 (Moderate) | 2021-09-29
oval:org.opensuse.security:def:103265 | P | gnutls-3.6.7-6.8.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96575 | P | gnutls-3.6.7-6.8.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:89610 | P | gnutls-3.6.7-6.8.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:61455 | P | gnutls-3.6.7-6.8.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71196 | P | gnutls-3.6.7-6.8.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:46887 | P | apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48044 | P | ibus-1.5.13-15.11.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47825 | P | mailx-12.5-28.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46888 | P | apache-commons-daemon-1.0.15-4.181 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48271 | P | perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47216 | P | binutils-2.26.1-9.12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47588 | P | cvs-1.12.12-182.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47810 | P | libwavpack1-4.60.99-5.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47886 | P | shadow-4.2.1-27.19.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47811 | P | libwireshark9-2.4.9-48.29.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48115 | P | libgcrypt20-1.6.1-16.68.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48139 | P | libksba8-1.3.0-23.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47023 | P | libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47440 | P | logrotate-3.11.0-1.15 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47802 | P | libvdpau1-1.1.1-6.73 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47948 | P | apache-commons-httpclient-3.1-4.364 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47946 | P | apache-commons-beanutils-1.9.2-3.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46902 | P | busybox-1.21.1-3.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47348 | P | libgnomesu-2.0.0-353.6.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48013 | P | gd-2.1.0-24.12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:2032 | P | apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2005 | P | libicu60_2-60.2-3.9.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2431 | P | strongswan-nm-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2034 | P | cloud-init-20.2-8.45.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62088 | P | gnutls-3.6.7-14.10.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1931 | P | libgit2-28-0.28.4-1.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71829 | P | gnutls-3.6.7-14.10.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100846 | P | gnutls-3.6.7-14.10.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:49445 | P | Security update for php72 (Moderate) | 2021-07-29
oval:org.opensuse.security:def:51605 | P | Security update for arpwatch (Important) | 2021-06-28
oval:org.opensuse.security:def:48949 | P | libtag1-32bit-1.9.1-1.265 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48871 | P | libsilc-1_1-2-1.1.10-24.128 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48636 | P | tftp-5.2-10.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48936 | P | libofx-0.9.9-3.7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2441 | P | bogofilter-common-1.2.4-1.40 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48753 | P | pidgin-otr-4.0.0-6.18 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:1979 | P | reiserfs-kmp-default-4.12.14-23.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2473 | P | xorg-x11-server-wayland-1.19.6-6.19 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48511 | P | libjbig2-2.0-12.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:1977 | P | osc-0.162.1-1.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2435 | P | MozillaThunderbird-52.8-1.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48494 | P | libgc1-7.2d-3.75 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2467 | P | libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48809 | P | libwebkit2gtk3-lang-2.12.5-1.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48967 | P | telepathy-gabble-0.18.3-5.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48495 | P | libgcrypt20-1.6.1-16.33.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48834 | P | gd-32bit-2.1.0-23.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70966 | P | libcolord2-1.4.2-1.37 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48948 | P | libstaroffice-0_0-0-0.0.5-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48363 | P | alsa-1.0.27.2-11.4 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48807 | P | libvirt-client-32bit-2.0.0-26.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2453 | P | imobiledevice-tools-1.2.0+git20170122.45fda81-1.44 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48725 | P | gstreamer-0_10-plugins-bad-0.10.23-17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:69653 | P | Security update for ceph (Important) | 2021-06-02
oval:org.opensuse.security:def:1988 | P | pam-modules-12.1-3.17 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:1983 | P | java-1_8_0-openjdk-1.8.0.201-3.16.1 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:51543 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:93722 | P | (Moderate) | 2020-12-10
oval:org.opensuse.security:def:2482 | P | dia-0.97.3-2.32 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:1999 | P | reiserfs-kmp-default-5.3.18-22.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2512 | P | transfig-3.2.6a-2.86 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2022 | P | apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71496 | P | gnutls-3.6.7-12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2522 | P | colord-gtk-lang-0.1.26-1.48 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107101 | P | gnutls-3.6.7-12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:1997 | P | openldap2-back-meta-2.4.46-9.28.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2506 | P | libvncclient0-0.9.10-4.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:48975 | P | bash-lang-4.3-83.23.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2520 | P | bluez-cups-5.48-11.58 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49053 | P | raptor-2.0.10-3.67 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49038 | P | libtag1-32bit-1.9.1-1.265 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116659 | P | gnutls-3.6.7-12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2027 | P | kernel-devel-azure-4.12.14-5.47.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:61755 | P | gnutls-3.6.7-12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2682 | P | Security update for gnutls (Important) | 2020-12-02
oval:org.opensuse.security:def:2672 | P | Security update for ghostscript (Important) | 2020-12-02
oval:org.opensuse.security:def:49779 | P | ctags on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73093 | P | gnutls on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51055 | P | Security update for podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49069 | P | conntrack-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49107 | P | gnutls on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67513 | P | Security update for openconnect (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50267 | P | Security update for rsyslog (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49706 | P | newt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64266 | P | gnutls on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49610 | P | PackageKit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49094 | P | freetype2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49543 | P | libcairo2-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49675 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50368 | P | Security update for gnutls (Important) | 2020-12-01
oval:org.opensuse.security:def:49938 | P | apache2-mod_nss on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49223 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50194 | P | libgadu-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66402 | P | gnutls on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50098 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64179 | P | Security update for kernel-firmware (Important) | 2020-12-01
oval:org.opensuse.security:def:50163 | P | libreoffice on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51117 | P | Security update for gnutls (Important) | 2020-12-01
oval:org.opensuse.security:def:50314 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:49700 | P | libtiff5-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:72975 | P | Security update for freerdp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67613 | P | gnutls on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50028 | P | qemu on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66310 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:com.redhat.rhsa:def:20193600 | P | RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate) | 2019-11-05
oval:com.ubuntu.xenial:def:201938290000000 | V | CVE-2019-3829 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-03-27
oval:com.ubuntu.bionic:def:20193829000 | V | CVE-2019-3829 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-03-27
oval:com.ubuntu.disco:def:201938290000000 | V | CVE-2019-3829 on Ubuntu 19.04 (disco) - medium. | 2019-03-27
oval:com.ubuntu.cosmic:def:20193829000 | V | CVE-2019-3829 on Ubuntu 18.10 (cosmic) - medium. | 2019-03-27
oval:com.ubuntu.cosmic:def:201938290000000 | V | CVE-2019-3829 on Ubuntu 18.10 (cosmic) - medium. | 2019-03-27
oval:com.ubuntu.trusty:def:20193829000 | V | CVE-2019-3829 on Ubuntu 14.04 LTS (trusty) - medium. | 2019-03-27
oval:com.ubuntu.bionic:def:201938290000000 | V | CVE-2019-3829 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-03-27
oval:com.ubuntu.xenial:def:20193829000 | V | CVE-2019-3829 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-03-27