Description
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.

This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Published: 2025-07-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A double‑free condition exists in GnuTLS when exporting Subject Alternative Name entries that contain an otherName. If the OID of the type‑id is malformed, the library deletes an ASN.1 node it does not own and later frees the same structure again, leading to memory corruption or a crash. The vulnerability is triggered through public GnuTLS APIs and can result in denial of service or corruption of application memory.

Affected Systems

Red Hat Ceph Storage 7, Red Hat Discovery 2, Red Hat Enterprise Linux 6, 7, 8, 9, the 9.2 Update Services for SAP Solutions, the 9.4 Extended Update Support, Red Hat Hardened Images, insights proxy 1.5, and Red Hat OpenShift Container Platform 4. Red Hat Enterprise Linux 10 is also listed via a CPE but the version impact is not specified beyond the CPE.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate risk, while an EPSS score of less than 1% suggests a very low likelihood of exploitation at present. Based on the description, the vulnerability can be triggered via public GnuTLS APIs that export SAN entries containing an otherName with an invalid or malformed OID, causing a double‑free that can lead to memory corruption or a crash. The attack vector is not explicitly defined in the description; it could involve any application that processes such SAN data, but local versus remote execution is not confirmed. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 20, 2026 at 20:21 UTC.

Remediation

Vendor Workaround

Currently, no mitigation is available for this vulnerability.


OpenCVE Recommended Actions

  • Apply the applicable Red Hat Security Advisories (RHSA-2025:16115, RHSA-2025:16116, RHSA-2025:17181, RHSA-2025:17348, RHSA-2025:17361, RHSA-2025:17415, RHSA-2025:19088, RHSA-2025:22529) that patch the GnuTLS library in your affected Red Hat product.
  • Restart or reload any services or containers that rely on GnuTLS so the updated library is loaded.
  • Monitor system logs for signs of memory corruption or sudden crashes that could indicate residual exploitation risk.
  • No workaround is available; await the release of a patch.


Advisories
Source | ID | Title
Debian DLA | DLA-4267-1 | gnutls28 security update
Debian DSA | DSA-5962-1 | gnutls28 security update
EUVD | EUVD-2025-20928 | A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Ubuntu USN | USN-7635-1 | GnuTLS vulnerabilities
Ubuntu USN | USN-7742-1 | GnuTLS vulnerabilities

History

Mon, 20 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Thu, 26 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ceph Storage
CPEs cpe:/a:redhat:ceph_storage:7::el9
Vendors & Products Redhat ceph Storage
References

Thu, 06 Nov 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Wed, 08 Oct 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 07 Oct 2025 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 06 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 06 Oct 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Fri, 03 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 17 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 17 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Thu, 21 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat openshift Container Platform
CPEs cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu gnutls
Redhat openshift Container Platform

Wed, 16 Jul 2025 13:45:00 +0000

Type | Values Removed | Values Added
Metrics | epss {'score': 0.0004} | epss {'score': 0.00052}


Thu, 10 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Jul 2025 12:30:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity None | threat_severity Moderate


Thu, 10 Jul 2025 08:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Title Gnutls: vulnerability in gnutls othername san export
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-415
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-20T21:35:28.412Z

Reserved: 2025-04-15T01:31:12.104Z

Link: CVE-2025-32988

Vulnrichment

Updated: 2025-11-04T21:10:06.061Z

NVD

Status: Modified

Published: 2025-07-10T08:15:24.223

Modified: 2026-04-20T22:16:21.420

Link: CVE-2025-32988

Redhat

Severity: Moderate

Public Date: 2025-07-10T07:55:14Z

Links: CVE-2025-32988 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T20:30:16Z

Weaknesses