A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Wed, 17 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs
Removed: cpe:/o:redhat:enterprise_linux:9
Added: cpe:/a:redhat:enterprise_linux:9::appstream, cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 17 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs
Removed: cpe:/o:redhat:enterprise_linux:10
Added: cpe:/o:redhat:enterprise_linux:10.0
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics (epss)
Removed: {'score': 0.0004}
Added: {'score': 0.00053}


Tue, 15 Jul 2025 07:00:00 +0000

Type Values Removed Values Added
Description
Removed: A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.
Added: A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}


Thu, 10 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Jul 2025 15:30:00 +0000

Type Values Removed Values Added
Description
Removed: No description is available for this CVE.
Added: A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.
Title
Removed: gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
Added: Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Thu, 10 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
Weaknesses CWE-476
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}

threat_severity

Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-17T20:25:48.032Z

Reserved: 2025-06-20T06:26:20.649Z

Link: CVE-2025-6395

Vulnrichment

Updated: 2025-07-10T15:39:05.485Z

NVD

Status: Undergoing Analysis

Published: 2025-07-10T16:15:25.110

Modified: 2025-09-17T21:15:38.510

Link: CVE-2025-6395

Redhat

Severity: Moderate

Public Date: 2025-07-10T07:56:53Z

Links: CVE-2025-6395 - Bugzilla

OpenCVE Enrichment

No data.