How to fix EUVD-2025-20990?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Heap Overflow affected by EUVD-2025-20990?

CVE-2025-32990 presents notable security risk, a heap-based buffer overflow vulnerability rated CVSS 6.5. Exploitation could cause memory corruption or application crashes. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-20990

| CVE-2025-32990 MEDIUM

2025-07-10 [email protected]

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-20990

CVE Published

Jul 10, 2025 - 10:15 nvd

MEDIUM 6.5

Description

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Analysis

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Heap-based Buffer Overflow (CWE-122).

Affected Products

Affected products: Gnu Gnutls -, Redhat Openshift Container Platform 4.0, Redhat Enterprise Linux 6.0

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +32

POC: 0

Vendor Status

Ubuntu

Priority: Medium

gnutls28

Release	Status	Version
upstream	released	3.8.9-3
jammy	released	3.7.3-4ubuntu1.7
noble	released	3.8.3-1.1ubuntu3.4
plucky	released	3.8.9-2ubuntu3.1
oracular	ignored	end of life, was needs-triage
bionic	released	3.5.18-1ubuntu1.6+esm2
focal	released	3.6.13-2ubuntu1.12+esm1
xenial	released	3.4.10-4ubuntu1.9+esm2
questing	released	3.8.9-3ubuntu1

USN-7635-1 USN-7742-1

Debian

gnutls28

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.7.1-5+deb11u8	-
bullseye (security)	fixed	3.7.1-5+deb11u9	-
bookworm	fixed	3.7.9-2+deb12u5	-
bookworm (security)	fixed	3.7.9-2+deb12u6	-
trixie (security), trixie	fixed	3.8.9-3+deb13u2	-
forky, sid	fixed	3.8.12-3	-
(unstable)	fixed	3.8.9-3	-

DLA-4267-1 DSA-5962-1

EUVD-2025-20990 vulnerability details – vuln.today

Back

EUVD-2025-20990

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-20990

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code