CNNVD-202507-1485 Information

CNNVD ID

CNNVD-202507-1485

Related CVE

CVE-2025-32990

• CNNVD Published: 2025-07-10

Description (Chinese)

GnuTLS是一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS存在安全漏洞，该漏洞源于certtool工具模板解析逻辑中的堆缓冲区溢出，可能导致内存损坏和拒绝服务。

Description (English)

GnuTLS is a free and secure communications library for the implementation of SSL, TLS and DTLS agreements. There is a security loophole in GnuTLS, which stems from the spilling of a pile of buffers in the analysis logic of the certtool template, which could lead to memory damage and denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Go JOSE

Published

2025-07-10

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://access.redhat.com/security/cve/CVE-2025-32990 https://vigilance.fr/vulnerability/GnuTLS-four-vulnerabilities-dated-11-07-2025-47689 https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/cpujan2026.html https://nvd.nist.gov/vuln/detail/CVE-2025-32990