Lucene search
K

15 matches found

OSV
OSV
added 2026/04/23 5:24 p.m.7 views

CLSA-2026-1776965055 Fix CVE(s): CVE-2025-32988, CVE-2025-32990

SECURITY UPDATE: heap buffer overflow in certtool template parsing - debian/patches/CVE-2025-32990.patch: use callocMAXENTRIES + 1 instead of mallocMAXENTRIES in READMULTILINE and READMULTILINETOKENIZED macros in src/certtool-cfg.c. - CVE-2025-32990 SECURITY UPDATE: double free when exporting...

8.2CVSS7.1AI score0.01185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.3 views

EulerOS Virtualization 2.13.0 : gnutls (EulerOS-SA-2025-2576)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of...

8.2CVSS6.4AI score0.01185EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.3 views

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2259)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...

8.2CVSS6.7AI score0.0072EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/16 12:0 a.m.3 views

Alibaba Cloud Linux 3 : 0163: gnutls (ALINUX3-SA-2025:0163)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0163 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-32988: A flaw was found in GnuTLS...

8.2CVSS6.4AI score0.01185EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 5:50 a.m.6 views

RLSA-2025:16116 Moderate: gnutls security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Vulnerability in GnuTLS certtool template parsing CVE-2025-32990 gnutls: Vulnerability in GnuTLS SCT extension...

6.5CVSS6.8AI score0.01185EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2025/10/08 6:40 p.m.7 views

gnutls security, bug fix, and enhancement update

An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

8.2CVSS6.9AI score0.01185EPSS
Exploits0
OSV
OSV
added 2025/09/26 7:39 p.m.4 views

CLSA-2025-1758915545 Fix CVE(s): CVE-2025-32988, CVE-2025-32990

SECURITY UPDATE: double-free when exporting SAN otherName - debian/patches/CVE-2025-32988.patch: fix double-free triggered when exporting certificates with multiple SAN otherName entries. - CVE-2025-32988 SECURITY UPDATE: 1-byte heap write in certtool template parsing -...

8.2CVSS6.9AI score0.01185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/17 12:0 a.m.4 views

RHEL 9 : gnutls (RHSA-2025:16116)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16116 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

8.2CVSS6.8AI score0.01185EPSS
Exploits0References11
OSV
OSV
added 2025/09/02 3:16 p.m.3 views

MGASA-2025-0225 Updated gnutls packages fix vulnerabilities

null pointer dereference in gnutlsfigurecommonciphersuite. CVE-2025-6395 Vulnerability in gnutls othername san export. CVE-2025-32988 Vulnerability in gnutls sct extension parsing. CVE-2025-32989 Vulnerability in gnutls certtool template parsing. CVE-2025-32990...

8.2CVSS7AI score0.01185EPSS
Exploits0References3
Mageia
Mageia
added 2025/09/02 3:16 p.m.7 views

Updated gnutls packages fix vulnerabilities

null pointer dereference in gnutlsfigurecommonciphersuite. CVE-2025-6395 Vulnerability in gnutls othername san export. CVE-2025-32988 Vulnerability in gnutls sct extension parsing. CVE-2025-32989 Vulnerability in gnutls certtool template parsing. CVE-2025-32990...

8.2CVSS7AI score0.01185EPSS
Exploits0References2
OSV
OSV
added 2025/08/29 11:18 a.m.3 views

OESA-2025-2084 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

8.2CVSS6.8AI score0.01185EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Amazon Linux 2 : gnutls (ALAS-2025-2969)

The version of gnutls installed on the remote host is prior to 3.3.29-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2969 advisory. A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility...

8.2CVSS6.6AI score0.0072EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2025-1140)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1140 advisory. A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName...

8.2CVSS6.3AI score0.01185EPSS
Exploits0References10
OSV
OSV
added 2025/08/15 12:39 p.m.3 views

OESA-2025-2007 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

8.2CVSS6.8AI score0.01185EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/07/10 9:41 a.m.1 views

CVE-2025-32990

A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds OOB NULL pointer write, resulting in memory corruption and a...

8.2CVSS5.7AI score0.0072EPSS
Exploits0References13
Rows per page
Query Builder