CVE Catalog

CVE-2025-32990

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.72%

49th percentile - higher than 49% of all known CVEs

Summary

A heap-buffer-overflow (off-by-one) vulnerability was found in the GnuTLS software in the template parsing logic of the certtool utility. An attacker can exploit this to cause an out-of-bounds NULL pointer write, leading to memory corruption and a denial-of-service (DoS) that could crash the system.

Risk Assessment

The risk is that an attacker could cause a system crash by providing a specially crafted template file, potentially disrupting critical services.

Recommendation

Immediately update GnuTLS to the latest patched version and restrict access to the certtool utility to trusted users only.

Original NVD description (English source)

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS