Impact
A heap buffer over-read exists in the GnuTLS library's handling of Certificate Transparency Signed Certificate Timestamp (SCT) extensions during X.509 certificate parsing. A malicious party can craft a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that makes the parser read beyond the extension's intended bounds, potentially exposing sensitive data held in the adjacent memory region. The exposure occurs when GnuTLS verifies certificates from affected sites, so any TLS-enabled application that processes such certificates could leak confidential information. This is a classic information-disclosure vulnerability, identified as CWE-295.
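To show what the missing bounds check looks like in practice, here is an added example (not GnuTLS code, and not the vendor fix) that walks the SignedCertificateTimestampList structure this extension carries and rejects any length field that would send the parser past the end of the buffer; `count_scts`, `check_sct`, `make_sample` and the sample bytes are constructed for this illustration.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical bounds-checked walk over a SignedCertificateTimestampList
 * (RFC 6962 s.3.3) as carried in the 1.3.6.1.4.1.11129.2.4.2 extension.
 * Not GnuTLS code: each length field is compared with the bytes that
 * remain before it is used, which is the check an over-read needs. */
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
/* SerializedSCT: version(1) log_id(32) timestamp(8) ext<0..2^16-1> hash(1) sigalg(1) sig<0..2^16-1> */
static int check_sct(const uint8_t *p, size_t n)
{
    size_t pos = 1 + 32 + 8, ext_len, sig_len;
    if (n < pos + 2 || p[0] != 0) return -1;        /* too short, or not SCT v1 */
    ext_len = rd16(p + pos); pos += 2;
    if (ext_len > n - pos) return -1;               /* extensions overrun the SCT */
    pos += ext_len;
    if (n - pos < 4) return -1;                     /* hash alg, sig alg, sig length */
    sig_len = rd16(p + pos + 2); pos += 4;
    return sig_len == n - pos ? 0 : -1;             /* signature must fill the rest exactly */
}
/* Number of well-formed SCTs, or -1 if any length would send the parser
 * past the end of the extension's octet string. */
int count_scts(const uint8_t *buf, size_t len)
{
    size_t pos = 2, sct_len; int n = 0;
    if (len < 2 || rd16(buf) != len - 2) return -1; /* outer length must match the buffer */
    while (pos < len) {
        if (len - pos < 2) return -1;
        sct_len = rd16(buf + pos); pos += 2;
        if (sct_len > len - pos) return -1;         /* over-read case: SCT claims more than remains */
        if (check_sct(buf + pos, sct_len) != 0) return -1;
        pos += sct_len; n++;
    }
    return n;
}
/* Constructed sample: one v1 SCT, no extensions, 4 dummy signature bytes;
 * claimed_sig_len lets the caller forge the signature length field. */
size_t make_sample(uint8_t out[64], unsigned claimed_sig_len)
{
    size_t sct_len = 1 + 32 + 8 + 2 + 1 + 1 + 2 + 4, pos = 0;
    memset(out, 0xAB, 64);                          /* dummy log_id/timestamp/signature */
    out[pos++] = (uint8_t)((sct_len + 2) >> 8); out[pos++] = (uint8_t)(sct_len + 2);
    out[pos++] = (uint8_t)(sct_len >> 8);       out[pos++] = (uint8_t)sct_len;
    out[pos++] = 0;                                 /* version v1 */
    pos += 32 + 8;                                  /* log_id, timestamp */
    out[pos++] = 0; out[pos++] = 0;                 /* extensions length 0 */
    out[pos++] = 4; out[pos++] = 3;                 /* sha256, ecdsa */
    out[pos++] = (uint8_t)(claimed_sig_len >> 8); out[pos++] = (uint8_t)claimed_sig_len;
    return pos + 4;                                 /* 55 bytes total */
}
```

A forged signature length, a forged SCT length, or a truncated buffer each fail before any byte past the end is touched, which is the behaviour a patched parser must have.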
Affected Systems
All Red Hat products that ship the affected GnuTLS versions are impacted. The list includes Red Hat Ceph Storage 7, Red Hat Discovery 2, Red Hat Enterprise Linux 6, 7, 8, 9, and 10, the Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions and 9.4 Extended Update Support streams, Red Hat Hardened Images, Red Hat Insights proxy 1.5, and Red Hat OpenShift Container Platform 4. The vulnerability lies in the base GnuTLS library shipped with these operating systems and container images.
Risk and Exploitability
The CVSS score of 5.3 reflects moderate severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at present. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote: an attacker can supply a malicious certificate to a client using GnuTLS, for example by redirecting a user to a compromised website or by presenting a forged certificate from a server. The flaw provides neither denial of service nor privilege escalation, but it leaks sensitive data from the memory of the process that parses the certificate. Remediation consists of applying the relevant Red Hat errata, which patch GnuTLS to eliminate the over-read.