FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fb30db8f-62af-11e9-b0de-001cc0382b2f	GnuTLS -- double free, invalid pointer access The GnuTLS project reports: Tavis Ormandy from Google Project Zero found a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. It was found using the TLS fuzzer tools that decoding a malformed TLS1.3 asynchronous message can cause a server crash via an invalid pointer access. The issue affects GnuTLS server applications since 3.6.4. Discovery 2019-03-27 Entry 2019-04-19 gnutls < 3.6.7 https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 CVE-2019-3829 CVE-2019-3836

VuXML ID

Description

fb30db8f-62af-11e9-b0de-001cc0382b2f

GnuTLS -- double free, invalid pointer access

The GnuTLS project reports:

Tavis Ormandy from Google Project Zero found a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

It was found using the TLS fuzzer tools that decoding a malformed TLS1.3 asynchronous message can cause a server crash via an invalid pointer access. The issue affects GnuTLS server applications since 3.6.4.

Discovery 2019-03-27
Entry 2019-04-19
gnutls

< 3.6.7

https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
CVE-2019-3829
CVE-2019-3836