Description
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
References (12)
Scores
CVSS v3
5.3
EPSS
0.0015
EPSS Percentile
35.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (20)
gnu/gnutls
Red Hat/Red Hat Ceph Storage 7
sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe
Red Hat/Red Hat Discovery 2
sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648
Red Hat/Red Hat Enterprise Linux 10
0:3.8.9-9.el10_0.14
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
0:3.8.3-6.el9_6.2
Red Hat/Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
0:3.7.6-21.el9_2.4
Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support
0:3.8.3-4.el9_4.4
... and 10 more
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026