CVE-2025-32990

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified)

Description: A heap-buffer-overflow flaw exists in the template parsing logic within the certtool utility. The issue occurs when reading certain settings from a template file, potentially leading to an out-of-bounds NULL pointer write, memory corruption, and a denial-of-service (DoS) condition that could crash the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Double Free

Heap Based Buffer Overflow

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-122CWE-476

Related Identifiers

ALSA-2025:16115

ALSA-2025:16116

ALSA-2025:17415

ALT-PU-2025-9109

ALT-PU-2025-9160

AZL-65091

AZL-65100

BDU:2025-08694

BDU:2025-11074

BDU:2025-11076

CESA-2025_17415

CVE-2025-32990

DLA-4267-1

DSA-5962-1

INFSA-2025_16116

INFSA-2025_17415

MGASA-2025-0225

OESA-2025-2007

OESA-2025-2008

OESA-2025-2009

OESA-2025-2010

OESA-2025-2011

OESA-2025-2084

OPENSUSE-SU-2025:15411-1

RHSA-2025:16115

RHSA-2025:16116

RHSA-2025_16116

RHSA-2025_17415

RHSA-2026:7477

SUSE-SU-2025:02340-1

SUSE-SU-2025:02520-1

SUSE-SU-2025:02521-1

SUSE-SU-2025:02583-1

SUSE-SU-2025:02589-1

SUSE-SU-2025:02595-1

SUSE-SU-2025:20563-1

SUSE-SU-2025:20665-1

SUSE-SU-2025_02520-1

SUSE-SU-2025_02521-1

SUSE-SU-2025_02583-1

SUSE-SU-2025_02589-1

SUSE-SU-2025_02595-1

USN-7635-1

USN-7742-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Gnutls

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-32990

Weakness Enumeration

Related Identifiers

Affected Products

References · 138