CVE-2025-32990

Summary

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Affected Software

VendorProductVersion RangeStatus
0 < 3.8.10affected
Red HatRed Hat Enterprise Linux 100:3.8.9-9.el10_0.14 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.4 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.4 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.3-6.el9_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.3-6.el9_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:3.7.6-21.el9_2.4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:3.8.3-4.el9_4.4 < *unaffected
Red HatRed Hat Ceph Storage 77 < *unaffected
Red HatRed Hat Discovery 22.3.0-1760554384 < *unaffected
Red HatRed Hat Hardened Images3.8.12-1.1.hum1 < *unaffected
Red HatRed Hat Insights proxy 1.51.5.7-1759331989 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

Workarounds

Currently, no mitigation is available for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References