Skip to main content

Gnutls CVE-2025-32990

| EUVDEUVD-2025-20990 HIGH
Heap-based Buffer Overflow (CWE-122)
2025-07-10 secalert@redhat.com
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Ubuntu
MEDIUM
qualitative
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

6
Severity Changed
Jun 25, 2026 - 05:22 NVD
MEDIUM HIGH
CVSS changed
Jun 25, 2026 - 05:22 NVD
6.5 (MEDIUM) 8.2 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-20990
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 10:15 nvd
MEDIUM 6.5

DescriptionNVD

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Analysis

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

More in Gnutls

View all
CVE-2021-20231 CRITICAL POC
9.8 Mar 12

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentic

CVE-2014-3466 MEDIUM POC
6.8 Jun 03

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15

CVE-2024-0553 HIGH POC
7.5 Jan 16

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no auth

CVE-2012-1663 HIGH POC
7.5 Mar 13

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (app

CVE-2020-24659 HIGH POC
7.5 Sep 04

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita

CVE-2019-3836 HIGH POC
7.5 Apr 01

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versio

CVE-2019-3829 HIGH POC
7.5 Mar 27

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. Rated high severity (CVSS 7.5), this vulnerability

CVE-2023-0361 HIGH POC
7.4 Feb 15

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (C

CVE-2012-1569 MEDIUM POC
5.0 Mar 26

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other pr

CVE-2017-5334 CRITICAL
9.8 Mar 24

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 al

CVE-2012-1573 MEDIUM POC
5.0 Mar 26

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with

CVE-2017-5336 CRITICAL
9.8 Mar 24

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x b

Vendor StatusVendor

Ubuntu

Priority: Medium
gnutls28
Release Status Version
upstream released 3.8.9-3
jammy released 3.7.3-4ubuntu1.7
noble released 3.8.3-1.1ubuntu3.4
plucky released 3.8.9-2ubuntu3.1
oracular ignored end of life, was needs-triage
bionic released 3.5.18-1ubuntu1.6+esm2
focal released 3.6.13-2ubuntu1.12+esm1
xenial released 3.4.10-4ubuntu1.9+esm2
questing released 3.8.9-3ubuntu1

Debian

gnutls28
Release Status Fixed Version Urgency
bullseye fixed 3.7.1-5+deb11u8 -
bullseye (security) fixed 3.7.1-5+deb11u9 -
bookworm fixed 3.7.9-2+deb12u5 -
bookworm (security) fixed 3.7.9-2+deb12u6 -
trixie (security), trixie fixed 3.8.9-3+deb13u2 -
forky, sid fixed 3.8.12-3 -
(unstable) fixed 3.8.9-3 -

SUSE

Severity: Medium
Product Status
Container bci/kiwi:latest Container bci/spack:0.23.1-11.31 Container containers/lmcache-vllm-openai:0.3.2-1.2 Container containers/open-webui:0.6.9-11.8 Container containers/vllm-openai:0.9.1-1.2 Container suse/manager/5.0/x86_64/server:5.0.5.1.7.33.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.1.8.7.1 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-EC2 Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-Azure Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-EC2 Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Hardened-GCE Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Image ai_15_6 Image server-image Affected
Container suse/sl-micro/6.0/baremetal-os-container:latest Affected
Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Affected
Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production Affected

Share

CVE-2025-32990 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy