Double free in GnuTLS

#VU18107 Double free in GnuTLS

Published: 2019-04-01

Vulnerability identifier: #VU18107

Vulnerability risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3829

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a double free error in the certificate verification API when processing X.509 crtificates. A remote attacker can supply a specially crafted X.509 certificate, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

GnuTLS: 3.5.8 - 3.6.6

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829
http://gitlab.com/gnutls/gnutls/issues/694
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
http://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for gnutls

Ubuntu update for GnuTLS

OpenSUSE Linux update for gnutls

Gentoo update for GnuTLS

Multiple vulnerabilities in GnuTLS

Double free in gnutls (Alpine package)