Description
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Published: 2025-07-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A heap‑buffer‑overflow (off‑by‑one) flaw exists in the certtool utility of GnuTLS during template parsing. When certtool reads specific settings from a template file, it writes a NULL pointer one byte beyond a heap buffer, corrupting memory and causing a denial‑of‑service by crashing the process or the host. The weakness is categorized as CWE‑122.

Affected Systems

The vulnerability affects Red Hat–supported products that depend on GnuTLS, such as Ceph Storage 7, Discovery 2, Enterprise Linux 6–8 and 9 (including 9.2 and 9.4 Extended Update Support), Hardened Images, Insights Proxy 1.5, and OpenShift Container Platform 4. Any system that runs gnutls certtool and processes template files is susceptible.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. It is not included in CISA’s KEV catalog. Based on the description, the likely attack vector is local or requires privileged access to supply a malicious template file; remote exploitation would need the attacker to gain such access or otherwise influence certtool’s input. While rare, the impact is a system crash, making the vulnerability actionable.

Generated by OpenCVE AI on April 20, 2026 at 18:07 UTC.

Remediation

Vendor Workaround

Currently, no mitigation is available for this vulnerability.

OpenCVE Recommended Actions

  • Apply the relevant Red Hat errata packages, such as RHSA‑2025:16115 and accompanying updates, to affected systems.
  • If no errata is available for the current version, refrain from running certtool with untrusted template files or disable the utility if it is not essential.
  • Regularly monitor Red Hat advisory pages and update your installations as soon as a fix is released.

Generated by OpenCVE AI on April 20, 2026 at 18:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4267-1 gnutls28 security update
Debian DSA Debian DSA DSA-5962-1 gnutls28 security update
EUVD EUVD EUVD-2025-20990 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Ubuntu USN Ubuntu USN USN-7635-1 GnuTLS vulnerabilities
Ubuntu USN Ubuntu USN USN-7742-1 GnuTLS vulnerabilities
History

Mon, 20 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird
References

Mon, 01 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ceph Storage
CPEs cpe:/a:redhat:ceph_storage:7::el9
Vendors & Products Redhat ceph Storage
References

Thu, 06 Nov 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Wed, 08 Oct 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 07 Oct 2025 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 06 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 06 Oct 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Fri, 03 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 17 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 17 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Fri, 15 Aug 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat openshift Container Platform
CPEs cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu gnutls
Redhat openshift Container Platform

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00045}

 epss

{'score': 0.00059}

Thu, 10 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 10 Jul 2025 09:45:00 +0000

Type Values Removed Values Added
Description A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Title Gnutls: vulnerability in gnutls certtool template parsing
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-122
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Gnu Gnutls
Redhat Ceph Storage Discovery Enterprise Linux Hummingbird Insights Proxy Openshift Openshift Container Platform Rhel E4s Rhel Eus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-20T21:35:30.314Z

Reserved: 2025-04-15T01:31:12.104Z

Link: CVE-2025-32990

cve-icon Vulnrichment

Updated: 2025-11-04T21:10:08.725Z

cve-icon NVD

Status : Modified

Published: 2025-07-10T10:15:33.060

Modified: 2026-04-20T22:16:22.060

Link: CVE-2025-32990

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-09T07:00:00Z

Links: CVE-2025-32990 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses