VDB

DEBIAN-CVE-2025-32990

DEBIAN-CVE-2025-32990 PUBLISHED CVSS 8.199999809265137 HIGH

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products

VendorProductVersions
Debian:12gnutls280, 3.7.9-2, 3.7.9-2+deb12u1
Debian:11gnutls283.7.1-5, 3.7.1-5, 3.7.1-5
Debian:13gnutls280, 0
Debian:14gnutls280, 0

Timeline

  • Jul 10, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›