CVE-2025-32988
MEDIUMGnuTLS < 3.8.10 - Double Free in Subject Alternative Name Export Logic
Title source: llmDescription
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
References (15)
Core 15
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16115
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16116
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17181
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17348
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17361
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17415
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:19088
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22529
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7477
https://access.redhat.com/errata/RHSA-2026:7477
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-32988
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2359622
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Scores
CVSS v3
6.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-415
Status
published
Products (20)
gnu/gnutls
< 3.8.10
Red Hat/Red Hat Ceph Storage 7
sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe
Red Hat/Red Hat Discovery 2
sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648
Red Hat/Red Hat Enterprise Linux 10
0:3.8.9-9.el10_0.14
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.6.16-8.el8_10.4
Red Hat/Red Hat Enterprise Linux 9
0:3.8.3-6.el9_6.2
Red Hat/Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
0:3.7.6-21.el9_2.4
Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support
0:3.8.3-4.el9_4.4
... and 10 more
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026