FreeBSD: VID-fb30db8f-62af-11e9-b0de-001cc0382b2f (CVE-2019-3836): GnuTLS -- double free, invalid pointer access

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: Apr 19, 2019
Added: Apr 20, 2019
Modified: Dec 10, 2025

Description

The GnuTLS project reports:

Tavis Ormandy from Google Project Zero found a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

It was found using the TLS fuzzer tools that decoding a malformed TLS1.3 asynchronous message can cause a server crash via an invalid pointer access. The issue affects GnuTLS server applications since 3.6.4.

Solution

freebsd-upgrade-package-gnutls