Bug 1678411 (CVE-2019-3836)
Summary: | CVE-2019-3836 gnutls: invalid pointer access upon receiving async handshake messages | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cfergeau, crypto-team, erik-fedora, hkario, iamleot+rhbugzilla, jv+fedora, mike, pemensik, pspacek, rh-spice-bugs, rjones, tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | gnutls 3.6.7 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the way gnutls handled malformed TLS 1.3 asynchronous messages. An attacker could use this flaw to crash an application compiled with gnutls via invalid pointer access.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-06 00:52:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1693214, 1693288, 1693289 | ||
Bug Blocks: | 1678414 |
Description
Pedro Sampaio
2019-02-18 17:41:29 UTC
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1693214] the tlsfuzzer[1] test-tls13-keyupdate.py[2] test script can be used in concert with valgrind to verify the fix 1 - https://github.com/tomato42/tlsfuzzer 2 - https://github.com/tomato42/tlsfuzzer/pull/501 Hello! according: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 it seems that versions since 3.6.4 are affected (not 3.6.3 as originally pointed out by Pedro in the 1st comment). Is also 3.6.3 affected? Thanks! (In reply to Leonardo Taccari from comment #5) > Hello! > according: > > https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 > > it seems that versions since 3.6.4 are affected (not 3.6.3 as originally > pointed out by Pedro in the 1st comment). > Is also 3.6.3 affected? > > > Thanks! Yes, I believe you are right. Fixed. Thank you for pointing that out. Acknowledgments: Name: Hubert Kario (Red Hat QE BaseOS Security team) External References: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 (In reply to Huzaifa S. Sidhpurwala from comment #7) > Acknowledgments: > > Name: Hubert Kario (Red Hat QE BaseOS Security team) Actually the issue was identified by Daiki Ueno (Red Hat BaseOS Crypto team), I've just slightly extended tests originally written by Róbert Kolcún. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3600 https://access.redhat.com/errata/RHSA-2019:3600 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3836 |