CVE-2025-32988
BaseFortify
Publication date: 2025-07-10
Last updated on: 2026-04-20
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | to 3.8.10 (exc) |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double-free flaw in GnuTLS caused by incorrect handling of ownership in the export logic of Subject Alternative Name (SAN) entries that contain an otherName. Specifically, if the type-id OID is invalid or malformed, GnuTLS mistakenly frees an ASN.1 node it does not own, leading to a double-free condition when the same structure is freed again later.
How can this vulnerability impact me?
This vulnerability can be triggered using only public GnuTLS APIs and may lead to denial of service or memory corruption, depending on the behavior of the memory allocator.
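The ownership mistake described above (a callee freeing a node it does not own on the invalid-OID error path, then the owner freeing it again) is modelled below as an added example; it is not GnuTLS code and not part of the original entry. All function and type names are hypothetical, the OID strings are constructed samples, and the node counts releases instead of calling free() so the second release can be observed safely.

```c
#include <ctype.h>
#include <stdio.h>
/* Simplified model, not GnuTLS source; all names are hypothetical. A node counts
 * releases instead of calling free(), so the second release is observable. */
struct node { int releases; };
static void node_release(struct node *n) { n->releases++; }

/* Accepts dotted-decimal OIDs with at least two arcs. */
static int oid_is_valid(const char *s)
{
    int arcs = 0;
    if (s == NULL) return 0;
    while (*s) {
        if (!isdigit((unsigned char)*s)) return 0;
        while (isdigit((unsigned char)*s)) s++;
        arcs++;
        if (*s == '.') { if (*++s == '\0') return 0; }
        else if (*s != '\0') return 0;
    }
    return arcs >= 2;
}

/* Vulnerable shape: the callee borrows n but releases it on the error path. */
static int export_othername_buggy(struct node *n, const char *oid)
{
    if (!oid_is_valid(oid)) { node_release(n); return -1; }
    return 0;
}

/* Corrected shape: the callee only reports the error; the owner cleans up. */
static int export_othername_fixed(struct node *n, const char *oid)
{
    (void)n;
    return oid_is_valid(oid) ? 0 : -1;
}

/* The caller owns the node and releases it once; returns total releases. */
static int run_export(int (*fn)(struct node *, const char *), const char *oid)
{
    struct node n = { 0 };
    (void)fn(&n, oid);
    node_release(&n);   /* owner's cleanup on success and on error */
    return n.releases;  /* 1 is correct, 2 models the double free */
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", run_export(export_othername_buggy, "1..3"),
           run_export(export_othername_fixed, "1..3"));
    return 0;
}
```

With a real allocator the second release is undefined behaviour, which is why the entry lists both denial of service and memory corruption as possible outcomes.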