VuXML: GnuTLS -- multiple vulnerabilities

VuXML ID	c3e1df74-5e73-11f0-95e5-74563cf9e4e9
Discovery	2025-07-09
Entry	2025-07-14

Daiki Ueno reports:

libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps Spotted by oss-fuzz and reported by OpenAI Security Research Team, and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, CVSS: medium] [CVE-2025-32989]

libgnutls: Fix double-free upon error when exporting otherName in SAN Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, CVSS: low] [CVE-2025-32988]

certtool: Fix 1-byte write buffer overrun when parsing template Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low] [CVE-2025-32990]

libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium] [CVE-2025-6395]

[source]

CVE Name	CVE-2025-32988
CVE Name	CVE-2025-32989
CVE Name	CVE-2025-32990
CVE Name	CVE-2025-6395
URL	https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

GnuTLS -- multiple vulnerabilities

Details

References