PT-2025-29041 · Gnutls+9
Published 2025-07-10 · Updated 2026-03-29 · CVE-2025-32989
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GnuTLS (affected versions not specified)
gnutls28 versions prior to 3.7.9-2+deb12u5
gnutls30 versions prior to 3.8.10-alt1
Description
GnuTLS is a library that implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. A heap buffer over-read exists in GnuTLS in its handling of the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. A malicious user can craft a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2); when GnuTLS verifies certificates from certain websites and the SCT is not checked correctly, the over-read leads to exposure of sensitive data. Exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential information.
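As an added illustration of the parsing discipline at issue (example code written for this entry, not code from the advisory or from GnuTLS), a bounds-checked Python parser for the RFC 6962 SignedCertificateTimestampList that the SCT extension carries. It assumes the DER OCTET STRING wrapper around the extension value has already been removed, and it rejects truncated or over-long length fields instead of reading past the supplied bytes.

```python
import struct

class MalformedSCT(ValueError): pass

def _take(buf: bytes, pos: int, n: int):
    # Bounds-check before every read; skipping this is what turns a short input into a heap over-read in C.
    if pos + n > len(buf):
        raise MalformedSCT(f"need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n

def _parse_sct(sct: bytes) -> dict:
    # SerializedSCT: version(1) log_id(32) timestamp(8) extensions<0..2^16-1>
    # then digitally-signed: hash_alg(1) sig_alg(1) signature<0..2^16-1>
    ver, q = _take(sct, 0, 1)
    if ver[0] != 0:
        raise MalformedSCT("only SCT v1 (version byte 0) is defined")
    log_id, q = _take(sct, q, 32)
    ts, q = _take(sct, q, 8)
    ext_len, q = _take(sct, q, 2)
    _ext, q = _take(sct, q, struct.unpack(">H", ext_len)[0])
    algs, q = _take(sct, q, 2)
    sig_len, q = _take(sct, q, 2)
    sig, q = _take(sct, q, struct.unpack(">H", sig_len)[0])
    if q != len(sct):
        raise MalformedSCT("trailing bytes inside SCT")
    return {"log_id": log_id.hex(), "timestamp_ms": struct.unpack(">Q", ts)[0],
            "hash_alg": algs[0], "sig_alg": algs[1], "signature": sig}

def parse_sct_list(ext_value: bytes) -> list:
    """Parse the SignedCertificateTimestampList carried by the SCT extension
    (OID 1.3.6.1.4.1.11129.2.4.2) once its DER OCTET STRING wrapper is removed."""
    hdr, pos = _take(ext_value, 0, 2)
    body, pos = _take(ext_value, pos, struct.unpack(">H", hdr)[0])
    if pos != len(ext_value):
        raise MalformedSCT("trailing bytes after SCT list")
    scts, p = [], 0
    while p < len(body):
        l, p = _take(body, p, 2)
        sct, p = _take(body, p, struct.unpack(">H", l)[0])
        scts.append(_parse_sct(sct))
    return scts

def is_malformed(ext_value: bytes) -> bool:
    try:
        parse_sct_list(ext_value)
        return False
    except MalformedSCT:
        return True

# Constructed sample (not from any real CT log): one v1 SCT with a dummy 3-byte signature.
_SCT = b"\x00" + b"\x11" * 32 + struct.pack(">Q", 1 << 40) + b"\x00\x00\x04\x03\x00\x03\xaa\xbb\xcc"
SAMPLE_SCT_LIST = struct.pack(">HH", len(_SCT) + 2, len(_SCT)) + _SCT
```

Dropping the final byte of the sample, or appending a stray one, makes `is_malformed` return True because a length field no longer matches the bytes actually present.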
Recommendations
Upgrade gnutls28 to version 3.7.9-2+deb12u5 or later.
Upgrade gnutls30 to version 3.8.10-alt1 or later.
For upstream GnuTLS itself, no information is currently available about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Certificate Validation
Affected Products
ALT Linux
AlmaLinux
Astra Linux
Debian
GnuTLS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu