PT-2025-29040 · Gnutls+10 · Gnutls+10

Published

2025-07-10

·

Updated

2026-03-29

·

CVE-2025-32988

CVSS v2.0

8.5

High

VectorAV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.7.9-2+deb12u5 GnuTLS versions prior to 3.8.10-alt1 GnuTLS versions prior to 3.6.16-alt8
Description The GnuTLS library contains a flaw due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, the asn1 delete structure() function is called on an ASN.1 node that GnuTLS does not own, leading to a double-free condition when the parent function or caller attempts to free the same structure. This issue can be triggered using public GnuTLS APIs and may result in a denial of service or memory corruption, depending on the allocator behavior.
Recommendations Upgrade to GnuTLS version 3.7.9-2+deb12u5 or later. Upgrade to GnuTLS version 3.8.10-alt1 or later. Upgrade to GnuTLS version 3.6.16-alt8 or later.

Fix

DoS

Double Free

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025:16115
ALSA-2025:16116
ALSA-2025:17415
ALT-PU-2025-9109
ALT-PU-2025-9160
AZL-65085
AZL-65106
BDU:2025-11076
CESA-2025_17415
CVE-2025-32988
DLA-4267-1
DSA-5962-1
INFSA-2025_16116
INFSA-2025_17415
MGASA-2025-0225
OESA-2025-2007
OESA-2025-2008
OESA-2025-2009
OESA-2025-2010
OESA-2025-2011
OESA-2025-2084
OPENSUSE-SU-2025:15411-1
RHSA-2025:16115
RHSA-2025:16116
RHSA-2025:17348
RHSA-2025:17415
RHSA-2025_16116
RHSA-2025_17415
RHSA-2026:7477
SUSE-SU-2025:02340-1
SUSE-SU-2025:02583-1
SUSE-SU-2025:02589-1
SUSE-SU-2025:02595-1
SUSE-SU-2025:20563-1
SUSE-SU-2025:20665-1
SUSE-SU-2025_02583-1
SUSE-SU-2025_02589-1
SUSE-SU-2025_02595-1
USN-7635-1
USN-7742-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Gnutls
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu