CVE-2025-32988

CWE-41513 documents9 sources
Severity
8.2HIGH
EPSS
0.1%
top 80.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU GnutlsRedhat Enterprise LinuxRedhat Openshift Container Platform
Timeline
PublishedJul 10
Latest updateJan 15

Description

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and m

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 2.2 | Impact: 4.2

Affected Packages4 packages

NVDgnu/gnutls< 3.8.10
Alpinegnutls< 3.8.12-r0+3
Debiangnutls28< 3.7.1-5+deb11u8+3
Ubuntugnutls28< 3.7.3-4ubuntu1.7+4

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

🔴Vulnerability Details

6
OSV
gnutls28 vulnerabilities2025-09-09
OSV
gnutls28 vulnerabilities2025-07-14
OSV
CVE-2025-32988: A flaw was found in GnuTLS2025-07-10
GHSA
GHSA-fv5h-vqpf-6fqj: A flaw was found in GnuTLS2025-07-10
OSV
CVE-2025-32988: A flaw was found in GnuTLS2025-07-10

📋Vendor Advisories

6
Oracle
Oracle Oracle Communications Risk Matrix: Third Party (GnuTLS) — CVE-2025-329882026-01-15
Ubuntu
GnuTLS vulnerabilities2025-09-09
Ubuntu
GnuTLS vulnerabilities2025-07-14
Red Hat
gnutls: Vulnerability in GnuTLS otherName SAN export2025-07-10
Microsoft
Gnutls: vulnerability in gnutls othername san export2025-07-08