CVE-2025-32988
Gnutls: vulnerability in gnutls othername san export
CVSS Score
6.5
EPSS Score
0.1%
EPSS Percentile
19th
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
| CWE | CWE-415 |
| Published | Jul 10, 2025 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Ceph Storage 7
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Insights proxy 1.5
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Hardened Images
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:16115 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:16116 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17181 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17348 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17361 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17415 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19088 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:22529 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-32988 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2359622 lists.gnupg.org: https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html openwall.com: http://www.openwall.com/lists/oss-security/2025/07/11/3