CVE-2025-32990

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

References

Affected packages

Debian:11 / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/debian/gnutls28?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.1-5

3.7.1-5+deb11u1

3.7.1-5+deb11u2

3.7.1-5+deb11u3

3.7.1-5+deb11u4

3.7.1-5+deb11u5

3.7.1-5+deb11u6

3.7.1-5+deb11u7

3.7.2-1

3.7.2-2

3.7.2-3

3.7.2-4

3.7.2-5

3.7.3-1

3.7.3-2

3.7.3-3

3.7.3-4

3.7.4-1

3.7.4-2

3.7.5-1

3.7.6-1

3.7.6-2

3.7.7-1

3.7.7-2

3.7.8-1

3.7.8-2

3.7.8-3

3.7.8-4

3.7.8-5

3.7.9-1

3.7.9-2

3.7.9-2+loong64

3.8.0+git20230413-1

3.8.0+git20230529-1

3.8.0+git20230713-1

3.8.1-1

3.8.1-2

3.8.1-3

3.8.1-4

3.8.2-1

3.8.3-1

3.8.3-1.1~exp1

3.8.3-1.1

3.8.4-1

3.8.4-2

3.8.5-1

3.8.5-2

3.8.5-3

3.8.5-4

3.8.6-1

3.8.6-2

3.8.7.1-1

3.8.8-1

3.8.8-2

3.8.9-1

3.8.9-2

3.8.9-3

3.8.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/debian/gnutls28?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.9-2+deb12u5

Affected versions

3.*

3.7.9-2

3.7.9-2+deb12u1

3.7.9-2+deb12u2

3.7.9-2+deb12u3

3.7.9-2+deb12u4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/debian/gnutls28?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}