CVE-2025-6395

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified)

Description: A flaw exists in GnuTLS within the gnutls figure common ciphersuite() function. Reading specific settings from a template file can lead to an out-of-bounds NULL pointer write, causing memory corruption and a potential denial of service (DoS) that may crash the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:16115

ALSA-2025:16116

ALSA-2025:17415

ALT-PU-2025-9109

ALT-PU-2025-9160

AZL-65154

AZL-65193

BDU:2025-08694

CESA-2025_17415

CVE-2025-6395

DLA-4267-1

DSA-5962-1

INFSA-2025_16116

INFSA-2025_17415

MGASA-2025-0225

OESA-2025-2007

OESA-2025-2008

OESA-2025-2009

OESA-2025-2010

OESA-2025-2011

OESA-2025-2084

OPENSUSE-SU-2025:15411-1

RHSA-2025:16115

RHSA-2025:16116

RHSA-2025_16116

RHSA-2025_17415

SUSE-SU-2025:02340-1

SUSE-SU-2025:02583-1

SUSE-SU-2025:02589-1

SUSE-SU-2025:02595-1

SUSE-SU-2025:20563-1

SUSE-SU-2025:20665-1

SUSE-SU-2025_02583-1

SUSE-SU-2025_02589-1

SUSE-SU-2025_02595-1

USN-7635-1

USN-7742-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Gnutls

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-6395

Weakness Enumeration

Related Identifiers

Affected Products

References · 125