Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-32988

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): HIGH

created 9 months, 1 week ago

Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

References

https://access.redhat.com/security/cve/CVE-2025-32988 vdb-entryx_refsource_REDHAT
RHBZ#2359622 issue-trackingx_refsource_REDHAT
RHSA-2025:16115 vendor-advisoryx_refsource_REDHAT
RHSA-2025:16116 vendor-advisoryx_refsource_REDHAT
RHSA-2025:17348 vendor-advisoryx_refsource_REDHAT
RHSA-2025:17361 vendor-advisoryx_refsource_REDHAT
RHSA-2025:17415 vendor-advisoryx_refsource_REDHAT
RHSA-2025:19088 vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:17181 vendor-advisoryx_refsource_REDHAT
RHSA-2025:22529 vendor-advisoryx_refsource_REDHAT

Affected products

rhcos

gnutls

*

libgnutls

<3.8.10

rhceph/rhceph-7-rhel9

*

discovery/discovery-ui-rhel9

*

insights-proxy/insights-proxy-container-rhel9

*

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.9
- nixpkgs-unstable 3.8.9
- nixos-unstable-small 3.8.9

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 4.0.1
- nixpkgs-unstable 4.0.1
- nixos-unstable-small 4.0.1

pkgs.python311Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>