CVE-2025-32990

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:16115
https://access.redhat.com/errata/RHSA-2025:16116
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:17348
https://access.redhat.com/errata/RHSA-2025:17361
https://access.redhat.com/errata/RHSA-2025:17415
https://access.redhat.com/errata/RHSA-2025:19088
https://access.redhat.com/errata/RHSA-2025:22529
https://access.redhat.com/security/cve/CVE-2025-32990	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359620	Issue Tracking
http://www.openwall.com/lists/oss-security/2025/07/11/3
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

History

No history.

Information

Published : 2025-07-10 10:15

Updated : 2025-12-01 22:15

NVD link : CVE-2025-32990

Mitre link : CVE-2025-32990

CVE.ORG link : CVE-2025-32990

JSON object : View

Products Affected

redhat

enterprise_linux
openshift_container_platform

gnu

gnutls

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-32990", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T10:15:33.060", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16115", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:16116", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17181", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17348", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17361", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17415", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:19088", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:22529", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-32990", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system."}, {"lang": "es", "value": "Se detect\u00f3 una falla de desbordamiento de b\u00fafer de pila (desviaci\u00f3n de uno) en el software GnuTLS, en la l\u00f3gica de an\u00e1lisis de plantillas de la utilidad certtool. Al leer ciertas configuraciones de un archivo de plantilla, permite a un atacante provocar una escritura fuera de los l\u00edmites (OOB) en un puntero nulo, lo que resulta en corrupci\u00f3n de memoria y una denegaci\u00f3n de servicio (DoS) que podr\u00eda bloquear el sistema."}], "lastModified": "2025-12-01T22:15:48.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33A22858-21E1-479F-A9C4-AD2EFD059B93"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}