CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

References

Affected packages

Git / github.com/gnutls/gnutls

Affected ranges

Type: GIT
Repo: https://github.com/gnutls/gnutls
Events: Introduced

c87f22eec1b412aaafa873ff81b02f52532bfa79

Fixed

2a40a3d90df001c520ab5f25f97608f5eb3c489e

Affected versions

Other

gnutls_3_6_3

gnutls_3_6_4

gnutls_3_6_5

gnutls_3_6_6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3836.json"