UBUNTU-CVE-2025-32990

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-32990

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-32990.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-32990

Upstream

CVE-2025-32990

Published

2025-07-10T10:15:00Z

Modified

2025-07-14T04:51:09Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

References

Affected packages

Ubuntu:Pro:16.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.4.10-4ubuntu1.9+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.15-5ubuntu2

3.3.18-1ubuntu1

3.3.20-1ubuntu1

3.4.9-2ubuntu1

3.4.10-4ubuntu1

3.4.10-4ubuntu1.1

3.4.10-4ubuntu1.2

3.4.10-4ubuntu1.3

3.4.10-4ubuntu1.4

3.4.10-4ubuntu1.5

3.4.10-4ubuntu1.6

3.4.10-4ubuntu1.7

3.4.10-4ubuntu1.8

3.4.10-4ubuntu1.9

3.4.10-4ubuntu1.9+esm1

Ubuntu:Pro:18.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.5.18-1ubuntu1.6+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.8-6ubuntu3

3.5.17-1ubuntu1

3.5.17-1ubuntu3

3.5.18-1ubuntu1

3.5.18-1ubuntu1.1

3.5.18-1ubuntu1.2

3.5.18-1ubuntu1.3

3.5.18-1ubuntu1.4

3.5.18-1ubuntu1.5

3.5.18-1ubuntu1.6

3.5.18-1ubuntu1.6+esm1

Ubuntu:Pro:20.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.12?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.9-5ubuntu1

3.6.9-5ubuntu2

3.6.10-5

3.6.11.1-2

3.6.11.1-2ubuntu2

3.6.13-2ubuntu1

3.6.13-2ubuntu1.1

3.6.13-2ubuntu1.2

3.6.13-2ubuntu1.3

3.6.13-2ubuntu1.6

3.6.13-2ubuntu1.7

3.6.13-2ubuntu1.8

3.6.13-2ubuntu1.9

3.6.13-2ubuntu1.10

3.6.13-2ubuntu1.11

3.6.13-2ubuntu1.12

Ubuntu:22.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.1-5ubuntu1

3.7.2-2ubuntu1

3.7.2-4ubuntu1

3.7.2-5ubuntu1

3.7.3-4ubuntu1

3.7.3-4ubuntu1.1

3.7.3-4ubuntu1.2

3.7.3-4ubuntu1.3

3.7.3-4ubuntu1.4

3.7.3-4ubuntu1.5

3.7.3-4ubuntu1.6

Ubuntu:Pro:FIPS-preview:22.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.2+Fips1.1?arch=source&distro=fips-preview/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.3-4ubuntu1.2+Fips1.1

Ubuntu:Pro:FIPS-updates:22.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.6+Fips1?arch=source&distro=fips-updates/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.3-4ubuntu1.2+Fips1.1

3.7.3-4ubuntu1.3+Fips1.1

3.7.3-4ubuntu1.4+Fips1

3.7.3-4ubuntu1.5+Fips1

3.7.3-4ubuntu1.6+Fips1

Ubuntu:24.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.8.3-1.1ubuntu3.3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.1-4ubuntu1

3.8.1-4ubuntu6

3.8.1-4ubuntu7

3.8.3-1ubuntu1

3.8.3-1.1ubuntu2

3.8.3-1.1ubuntu3

3.8.3-1.1ubuntu3.1

3.8.3-1.1ubuntu3.2

3.8.3-1.1ubuntu3.3

Ubuntu:25.04 / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28@3.8.9-2ubuntu3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.6-2ubuntu1

3.8.8-2ubuntu1

3.8.9-2ubuntu1

3.8.9-2ubuntu2

3.8.9-2ubuntu3