It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00482
Percentile: 0.64187

CVSS Scoring

Mapped CWE(s)

• CWE-456 : Missing Initialization of a Variable
• CWE-824 : Access of Uninitialized Pointer

Affected Products

• cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

← Back to Home