CVE-2025-32990

CWE-122Heap-based Buffer OverflowCWE-20Improper Input ValidationCWE-18416 documents12 sources
Severity
8.2HIGH
EPSS
0.1%
top 76.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Enterprise LinuxRedhat Openshift Container Platform
Timeline
PublishedJul 10
Latest updateApr 9

Description

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

Debiangnutls28< 3.7.1-5+deb11u8+3

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

🔴Vulnerability Details

5
GHSA
Apache Tomcat has an Improper Input Validation vulnerability2026-04-09
OSV
gnutls28 vulnerabilities2025-09-09
OSV
CVE-2025-32990: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility2025-07-10
CVEList
Gnutls: vulnerability in gnutls certtool template parsing2025-07-10
GHSA
GHSA-v8v5-8mm8-3j8p: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility2025-07-10

📋Vendor Advisories

9
Red Hat
Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix2026-04-09
Oracle
Oracle Oracle Communications Risk Matrix: Platform (GnuTLS) — CVE-2025-329902026-01-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (GnuTLS) — CVE-2025-329902025-10-15
Ubuntu
GnuTLS vulnerabilities2025-09-09
Ubuntu
GnuTLS vulnerabilities2025-07-14

💬Community

1
Bugzilla
CVE-2026-32990 Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix2026-04-09