CNNVD-202507-1386 Information

CNNVD ID

CNNVD-202507-1386

Related CVE

CVE-2025-32989

• CNNVD Published: 2025-07-10

Description (Chinese)

GnuTLS是GnuTLS开源的一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS存在信任管理问题漏洞，该漏洞源于X.509证书解析时处理CT SCT扩展不当，可能导致信息泄露。

Description (English)

GnuTLS is a free-of-charge secure communications bank for the implementation of SSL, TLS and DTLS protocols. GnuTLS has a trust management gap, which stems from the inappropriate expansion of the CT SCT during the analysis of X.509 certificates, which could lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

Go JOSE

Published

2025-07-10

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://vigilance.fr/vulnerability/GnuTLS-four-vulnerabilities-dated-11-07-2025-47689