{ "schema_version": "1.4.0", "id": "GHSA-mm54-95hq-f739", "modified": "2022-05-14T00:59:49Z", "published": "2022-05-14T00:59:49Z", "aliases": [ "CVE-2019-3829" ], "details": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3829" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3600" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "type": "WEB", "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201904-14" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20190619-0004" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3999-1" }, { "type": "WEB", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" } ], "database_specific": { "cwe_ids": [ "CWE-415" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-03-27T18:29:00Z" } }