7.5
CVE-2019-3836
- EPSS 0.37%
- Veröffentlicht 01.04.2019 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:39
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.58 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| secalert@redhat.com | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-456 Missing Initialization of a Variable
The product does not initialize critical variables, which causes the execution environment to use unexpected values.
CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.