Description
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
References (14)
Scores
CVSS v3
6.5
EPSS
0.0006
EPSS Percentile
19.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-415
Status
published
Products (20)
gnu/gnutls
< 3.8.10
Red Hat/Red Hat Ceph Storage 7
sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe
Red Hat/Red Hat Discovery 2
sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648
Red Hat/Red Hat Enterprise Linux 10
0:3.8.9-9.el10_0.14
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.6.16-8.el8_10.4
Red Hat/Red Hat Enterprise Linux 9
0:3.8.3-6.el9_6.2
Red Hat/Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
0:3.7.6-21.el9_2.4
Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support
0:3.8.3-4.el9_4.4
... and 10 more
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026