OESA-2025-2084
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2084
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2084.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-2084
- Upstream
- Published
- 2025-08-29T11:18:01Z
- Modified
- 2025-08-29T15:34:06.634204Z
- Summary
- gnutls security update
- Details
-
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.
Security Fix(es):
A vulnerability, which was classified as critical, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-32988)
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. There is a security vulnerability in GnuTLS that originates from a heap buffer overflow in the certtool tool template parsing logic, which can lead to memory corruption and denial of service.(CVE-2025-32990)
A vulnerability, which was classified as problematic, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21000).(CVE-2025-6395)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4 / gnutls
Package
- Name
- gnutls
- Purl
- pkg:rpm/openEuler/gnutls&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.14-18.oe2003sp4
Ecosystem specific
{
"aarch64": [
"gnutls-3.6.14-18.oe2003sp4.aarch64.rpm",
"gnutls-debuginfo-3.6.14-18.oe2003sp4.aarch64.rpm",
"gnutls-debugsource-3.6.14-18.oe2003sp4.aarch64.rpm",
"gnutls-devel-3.6.14-18.oe2003sp4.aarch64.rpm",
"gnutls-utils-3.6.14-18.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"gnutls-3.6.14-18.oe2003sp4.x86_64.rpm",
"gnutls-debuginfo-3.6.14-18.oe2003sp4.x86_64.rpm",
"gnutls-debugsource-3.6.14-18.oe2003sp4.x86_64.rpm",
"gnutls-devel-3.6.14-18.oe2003sp4.x86_64.rpm",
"gnutls-utils-3.6.14-18.oe2003sp4.x86_64.rpm"
],
"noarch": [
"gnutls-help-3.6.14-18.oe2003sp4.noarch.rpm"
],
"src": [
"gnutls-3.6.14-18.oe2003sp4.src.rpm"
]
}