CVE-2025-32990

Published: Jul 10, 2025

Modified: Apr 20, 2026

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Vendor	Product	Versions
Unknown	libgnutls	affected `0 - < 3.8.10`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:3.8.9-9.el10_0.14 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_10.4 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_10.4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.8.3-6.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.8.3-6.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `0:3.7.6-21.el9_2.4 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:3.8.3-4.el9_4.4 - < *`
Red Hat	Red Hat Ceph Storage 7	unaffected `sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe - < *`
Red Hat	Red Hat Discovery 2	unaffected `sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648 - < *`
Red Hat	Red Hat Hardened Images	unaffected `3.8.12-1.1.hum1 - < *`
Red Hat	Red Hat Insights proxy 1.5	unaffected `sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions