CVE-2025-32988

Name
CVE-2025-32988
Description
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-32988
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2359622
vendor-advisory https://access.redhat.com/errata/RHSA-2025:16115
vendor-advisory https://access.redhat.com/errata/RHSA-2025:16116
vendor-advisory https://access.redhat.com/errata/RHSA-2025:17348
vendor-advisory https://access.redhat.com/errata/RHSA-2025:17361
vendor-advisory https://access.redhat.com/errata/RHSA-2025:17415
vendor-advisory https://access.redhat.com/errata/RHSA-2025:19088
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/07/11/3
vendor-advisory https://access.redhat.com/errata/RHSA-2025:17181
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:22529
secalert@redhat.com https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
secalert@redhat.com https://access.redhat.com/errata/RHSA-2026:7477
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 < 3.8.10
cpe:/o:redhat:enterprise_linux:10.0 shopxo >= 0:3.8.9-9.el10_0.14 < *
cpe:/a:redhat:discovery:2::el9 shopxo >= sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65 < *
cpe:/o:redhat:rhel_eus:9.4::baseos shopxo >= 0:3.8.3-4.el9_4.4 < *
cpe:/o:redhat:enterprise_linux:8::baseos shopxo >= 0:3.6.16-8.el8_10.4 < *
cpe:/o:redhat:enterprise_linux:9::baseos shopxo >= 0:3.8.3-6.el9_6.2 < *
cpe:/a:redhat:rhel_e4s:9.2::appstream shopxo >= 0:3.7.6-21.el9_2.4 < *
cpe:/a:redhat:insights_proxy:1.5::el9 shopxo >= sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207 < *
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* gnutls >= None < 3.8.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnutls edge-main 3.8.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls edge-main 3.8.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.8.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.8.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.8.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.7.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.7.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.6.15-r0 None possibly vulnerable
gnutls edge-main 3.6.14-r0 None possibly vulnerable
gnutls edge-main 3.6.13-r0 None possibly vulnerable
gnutls edge-main 3.6.7-r0 None possibly vulnerable
gnutls edge-main 3.5.13-r0 None possibly vulnerable
gnutls 3.23-main 3.8.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.22-main 3.8.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.22-main 3.8.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.22-main 3.8.5-r0 None possibly vulnerable
gnutls 3.22-main 3.8.3-r0 None possibly vulnerable
gnutls 3.22-main 3.8.0-r0 None possibly vulnerable
gnutls 3.22-main 3.7.7-r0 None possibly vulnerable
gnutls 3.22-main 3.7.1-r0 None possibly vulnerable
gnutls 3.22-main 3.6.15-r0 None possibly vulnerable
gnutls 3.22-main 3.6.14-r0 None possibly vulnerable
gnutls 3.22-main 3.6.13-r0 None possibly vulnerable
gnutls 3.22-main 3.6.7-r0 None possibly vulnerable
gnutls 3.22-main 3.5.13-r0 None possibly vulnerable
gnutls 3.21-main 3.8.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.21-main 3.8.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.21-main 3.8.5-r0 None possibly vulnerable
gnutls 3.21-main 3.8.3-r0 None possibly vulnerable
gnutls 3.21-main 3.8.0-r0 None possibly vulnerable
gnutls 3.21-main 3.7.7-r0 None possibly vulnerable
gnutls 3.21-main 3.7.1-r0 None possibly vulnerable
gnutls 3.21-main 3.6.15-r0 None possibly vulnerable
gnutls 3.21-main 3.6.14-r0 None possibly vulnerable
gnutls 3.21-main 3.6.13-r0 None possibly vulnerable
gnutls 3.21-main 3.6.7-r0 None possibly vulnerable
gnutls 3.21-main 3.5.13-r0 None possibly vulnerable
gnutls 3.20-main 3.8.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.20-main 3.8.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.20-main 3.8.3-r0 None possibly vulnerable
gnutls 3.20-main 3.8.0-r0 None possibly vulnerable
gnutls 3.20-main 3.7.7-r0 None possibly vulnerable
gnutls 3.20-main 3.7.1-r0 None possibly vulnerable
gnutls 3.20-main 3.6.15-r0 None possibly vulnerable
gnutls 3.20-main 3.6.14-r0 None possibly vulnerable
gnutls 3.20-main 3.6.13-r0 None possibly vulnerable
gnutls 3.20-main 3.6.7-r0 None possibly vulnerable
gnutls 3.20-main 3.5.13-r0 None possibly vulnerable
gnutls 3.19-main 3.8.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.19-main 3.8.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls 3.19-main 3.8.0-r0 None possibly vulnerable
gnutls 3.19-main 3.7.7-r0 None possibly vulnerable
gnutls 3.19-main 3.7.1-r0 None possibly vulnerable
gnutls 3.19-main 3.6.15-r0 None possibly vulnerable
gnutls 3.19-main 3.6.14-r0 None possibly vulnerable
gnutls 3.19-main 3.6.13-r0 None possibly vulnerable
gnutls 3.19-main 3.6.7-r0 None possibly vulnerable
gnutls 3.19-main 3.5.13-r0 None possibly vulnerable