{"id":"CVE-2019-3836","details":"It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.","modified":"2026-04-02T02:07:51.422889Z","published":"2019-04-01T15:29:01.060Z","related":["CGA-v6pp-9cpc-jp6m","SUSE-SU-2019:1121-1","openSUSE-SU-2019:1353-1","openSUSE-SU-2024:10801-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3999-1/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190502-0005/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3600"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201904-14"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836"},{"type":"REPORT","url":"https://gitlab.com/gnutls/gnutls/issues/704"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnutls/gnutls","events":[{"introduced":"c87f22eec1b412aaafa873ff81b02f52532bfa79"},{"fixed":"2a40a3d90df001c520ab5f25f97608f5eb3c489e"}],"database_specific":{"versions":[{"introduced":"3.6.3"},{"fixed":"3.6.7"}]}}],"versions":["gnutls_3_6_3","gnutls_3_6_4","gnutls_3_6_5","gnutls_3_6_6"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3836.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}