CVE-2019-3836
HIGH7.5EPSS 0.73%Published: 4/1/2019Modified: 4/28/2026
Description
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Affected packages (2)
- Alpine/gnutlsfrom 0, < 3.6.7-r0
- Debian/gnutls28from 0, < 3.6.7-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |