CVE-2025-32990: Heap-based Buffer Overflow
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
AI Analysis
Technical Summary
A heap-buffer-overflow (off-by-one) vulnerability exists in the GnuTLS certtool utility's template parsing logic. When certtool reads certain settings from a template file, it can perform an out-of-bounds NULL pointer write, causing memory corruption and potential denial-of-service. This issue affects GnuTLS packages distributed with Red Hat Enterprise Linux 9 and 10. Red Hat has issued security advisories RHSA-2025:16115 and RHSA-2025:16116 providing patches that fix this vulnerability along with other related GnuTLS issues. The CVSS v3.1 base score is 6.5 (medium severity), indicating network attack vector, low attack complexity, no privileges required, no user interaction, no confidentiality impact, limited integrity impact, and high availability impact.
Potential Impact
Successful exploitation of this vulnerability can cause memory corruption resulting in a denial-of-service condition that may crash the affected system. There is no indication of confidentiality loss or privilege escalation from this vulnerability. The impact is limited to integrity and availability, with no known exploitation in the wild.
Mitigation Recommendations
Red Hat has released official security updates for Red Hat Enterprise Linux 9 and 10 that address this vulnerability. Users should apply the updated gnutls packages as described in Red Hat advisories RHSA-2025:16115 and RHSA-2025:16116. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these patches fully mitigates the vulnerability. No additional mitigation steps are required beyond installing the official fixes.
CVE-2025-32990: Heap-based Buffer Overflow
Description
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A heap-buffer-overflow (off-by-one) vulnerability exists in the GnuTLS certtool utility's template parsing logic. When certtool reads certain settings from a template file, it can perform an out-of-bounds NULL pointer write, causing memory corruption and potential denial-of-service. This issue affects GnuTLS packages distributed with Red Hat Enterprise Linux 9 and 10. Red Hat has issued security advisories RHSA-2025:16115 and RHSA-2025:16116 providing patches that fix this vulnerability along with other related GnuTLS issues. The CVSS v3.1 base score is 6.5 (medium severity), indicating network attack vector, low attack complexity, no privileges required, no user interaction, no confidentiality impact, limited integrity impact, and high availability impact.
Potential Impact
Successful exploitation of this vulnerability can cause memory corruption resulting in a denial-of-service condition that may crash the affected system. There is no indication of confidentiality loss or privilege escalation from this vulnerability. The impact is limited to integrity and availability, with no known exploitation in the wild.
Mitigation Recommendations
Red Hat has released official security updates for Red Hat Enterprise Linux 9 and 10 that address this vulnerability. Users should apply the updated gnutls packages as described in Red Hat advisories RHSA-2025:16115 and RHSA-2025:16116. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these patches fully mitigates the vulnerability. No additional mitigation steps are required beyond installing the official fixes.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-04-15T01:31:12.104Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2025:16115","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:16116","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:17181","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:17348","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:17361","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:17415","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19088","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22529","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:7477","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-32990","vendor":"Red Hat"}]
Threat ID: 686f8bdfa83201eaaca6d794
Added to database: 7/10/2025, 9:46:07 AM
Last enriched: 4/22/2026, 6:10:39 AM
Last updated: 5/9/2026, 12:43:53 AM
Views: 214
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.