Lucene search

4455 matches found

CVE
added 2025/07/10 8:5 a.m. | 62 views

CVE-2025-32989

CVE-2025-32989: A heap-buffer-overread in GnuTLS occurs during X.509 certificate parsing of the CT SCT extension (OID 1.3.6.1.4.1.11129.2.4.2). A malformed SCT can lead to exposure of confidential data when certificates are validated for certain sites and SCT checks are not performed correctly. ...

CVSS 5.3 | AI score 6.4 | EPSS 0.00113
Exploits 0 | References 13 | Affected Software 1
RedhatCVE
added 2025/07/10 8:4 a.m. | 3 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

CVSS 5.3 | AI score 6.6 | EPSS 0.00113
Exploits 0 | References 3
CVE
added 2025/07/10 8:4 a.m. | 77 views

CVE-2025-32988

GnuTLS contains a double-free vulnerability (CVE-2025-32988) in SAN export logic for otherName when the type-id OID is invalid or malformed, leading to asn1_delete_structure() on a non-owned node and potential memory corruption or DoS. Public GnuTLS APIs can trigger it; impact is memory corruptio...

CVSS 8.2 | AI score 6.8 | EPSS 0.00228
Exploits 0 | References 15 | Affected Software 1
Cvelist
added 2025/07/10 8:4 a.m. | 10 views

CVE-2025-32988 Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it do...

CVSS 6.5 | EPSS 0.00228
Exploits 0 | References 12
ATTACKERKB
added 2025/07/10 8:4 a.m. | 1 views

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it do...

CVSS 8.2 | AI score 5.8 | EPSS 0.00228
Exploits 0 | References 13
Vulnrichment
added 2025/07/10 8:4 a.m. | 3 views

CVE-2025-32988 Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it do...

CVSS 6.5 | AI score 7 | EPSS 0.00228
Exploits 0 | References 12
RedhatCVE
added 2025/07/10 8:4 a.m. | 2 views

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it do...

CVSS 8.2 | AI score 7.1 | EPSS 0.00228
Exploits 0 | References 3
Snyk
added 2025/07/10 7:56 a.m. | 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the _gnutls_figure_common_ciphersuite function. Remediation: A fix was pushed into the master branch but not yet published. References: Fix Commit, PoC, Red Hat Bugzilla Bug, Release Notes. Credit: Stefan Bühl...

CVSS 8.3 | AI score 6.9 | EPSS 0.00266
Exploits 0 | References 2
CNNVD
added 2025/07/10 12:0 a.m. | 1 views

GnuTLS Trust Management Issue Vulnerability

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols from the GnuTLS open source. A trust management issue vulnerability exists in GnuTLS that stems from improper handling of CT SCT extensions when resolving X.509 certificates, which could lead to...

CVSS 5.3 | AI score 5.9 | EPSS 0.00113
Exploits 0 | References 4
CNNVD
added 2025/07/10 12:0 a.m. | 1 views

GnuTLS Code Issue Vulnerability

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols from the GnuTLS open source. A code issue vulnerability exists in GnuTLS that stems from a null pointer dereference in the _gnutls_figure_common_ciphersuite function, which could lead to memory corruption and...

CVSS 6.5 | AI score 6.9 | EPSS 0.00266
Exploits 0 | References 4
Positive Technologies
added 2025/07/10 12:0 a.m. | 1 views

PT-2025-29041

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified). Description: A heap-buffer-overread issue exists in GnuTLS during the handling of the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This allows ...

CVSS 8.2 | AI score 6.8 | EPSS 0.00292
Exploits 0 | References 70
CNNVD
added 2025/07/10 12:0 a.m. | 1 views

GnuTLS Security Vulnerability

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS that stems from a heap buffer overflow in the certtool tool's template parsing logic, which could lead to memory corruption and denial of service...

CVSS 8.2 | AI score 7.2 | EPSS 0.00292
Exploits 0 | References 7
CNNVD
added 2025/07/10 12:0 a.m. | 1 views

GnuTLS Resource Management Error Vulnerability

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols from the GnuTLS open source. A resource management error vulnerability exists in GnuTLS that stems from a double-release issue in the SAN entry export logic, which could result in a denial of service o...

CVSS 8.2 | AI score 6.8 | EPSS 0.00228
Exploits 0 | References 5
Positive Technologies
added 2025/07/10 12:0 a.m. | 1 views

PT-2025-29040

Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.7.9-2+deb12u5; GnuTLS versions prior to 3.8.10-alt1; GnuTLS versions prior to 3.6.16-alt8. Description: The GnuTLS library contains a flaw due to incorrect ownership handling in the export logic of Subject Alternative Na...

CVSS 8.5 | AI score 6.7 | EPSS 0.00292
Exploits 0 | References 130
FreeBSD
added 2025/07/09 12:0 a.m. | 8 views

GnuTLS -- multiple vulnerabilities

Daiki Ueno reports: libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps Spotted by oss-fuzz and reported by OpenAI Security Research Team, and fix developed by Andrew Hamilton. GNUTLS-SA-2025-07-07-1, CVSS: medium CVE-2025-32989 libgnutls: Fix double-free upon error when...

CVSS 8.2 | AI score 6.6 | EPSS 0.00292
Exploits 0 | References 1
Positive Technologies
added 2025/07/08 12:0 a.m. | 2 views

PT-2025-29106

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified). Description: A flaw exists in GnuTLS within the _gnutls_figure_common_ciphersuite function. Reading specific settings from a template file can lead to an out-of-bounds NULL pointer write, causing memory...

CVSS 8.2 | AI score 6.3 | EPSS 0.00292
Exploits 0 | References 103
Positive Technologies
added 2025/07/08 12:0 a.m. | 1 views

PT-2025-29077

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified). Description: A heap-buffer-overflow flaw exists in the template parsing logic within the certtool utility. The issue occurs when reading certain settings from a template file, potentially leading to an...

CVSS 8.5 | AI score 6.3 | EPSS 0.00292
Exploits 0 | References 118
IBM Security Bulletins
added 2025/07/07 2:23 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.

Summary: IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2024-12243, CVE-2024-12133, CVE-2024-8176. Vulnerability Details: CVEID: CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an...

CVSS 7.5 | AI score 7.5 | EPSS 0.01227
Exploits 0 | Affected Software 1
OSV
added 2025/07/03 2:26 p.m. | 4 views

CLSA-2025-1751552765 Update of gnutls

Bump nettle dependency to 3.10.1 RHEL-52740...

AI score 5.8
Exploits 0 | References 1
Tenable Nessus
added 2025/07/03 12:0 a.m. | 2 views

AlmaLinux 9 : gnutls (ALSA-2025:7076)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:7076 advisory. gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS (CVE-2024-12243). Tenable has extracted the preceding description block directly...

CVSS 5.3 | AI score 6.8 | EPSS 0.01227
Exploits 0 | References 3