CVE-2025-32988

🔶 medium

Summary

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and m

Description

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.

This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

CVSS Score

6.5

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-07-10

First Seen: 2026-01-05

Last Modified 2025-12-01

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE IDs (Weakness Types)

CWE-415

🔗 References 12

https://access.redhat.com/errata/RHSA-2025:16115

https://access.redhat.com/errata/RHSA-2025:16116

https://access.redhat.com/errata/RHSA-2025:17181

https://access.redhat.com/errata/RHSA-2025:17348

https://access.redhat.com/errata/RHSA-2025:17361

https://access.redhat.com/errata/RHSA-2025:17415

https://access.redhat.com/errata/RHSA-2025:19088

https://access.redhat.com/errata/RHSA-2025:22529

https://access.redhat.com/security/cve/CVE-2025-32988

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2359622

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/07/11/3

https://lists.debian.org/debian-lts-announce/2025/08...

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
gnu	gnutls	Affected	< 3.8.10
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	openshift_container_platform	Affected	v4.0

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-14512	🔶 medium	6.5	0.1	A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov...	2025-12-11
CVE-2025-14087	🔶 medium	5.6	0.3	A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a...	2025-12-10
CVE-2025-9784	⚠️ high	7.5	0.4	A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering ab...	2025-09-02
CVE-2025-8283	ℹ️ low	3.7	0.0	A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman se...	2025-07-28
CVE-2025-7519	🔶 medium	6.7	0.0	A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds wri...	2025-07-14
CVE-2025-32989	🔶 medium	5.3	0.1	A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Cert...	2025-07-10

These CVEs affect the same products