SB2019110612 - Red Hat update for gnutls 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019110612

SB2019110612 - Red Hat update for gnutls

Published: November 6, 2019

Security Bulletin ID SB2019110612
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Double free (CVE-ID: CVE-2019-3829)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a double free error in the certificate verification API when processing X.509  crtificates. A remote attacker can supply a specially crafted X.509  certificate, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2019-3836)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to uninitialized pointer access when processing TLS1.3 asynchronous messages. A remote attacker can pass specially crafted asynchronous post-handshake message, trigger memory corruption and perform denial of service attack.


Remediation

Install update from vendor's website.

References