Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-6395
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.
References
Affected products
rhcos
gnutls
- *
libgnutls
- <3.8.10
rhceph/rhceph-7-rhel9
- *
discovery/discovery-ui-rhel9
- *
insights-proxy/insights-proxy-container-rhel9
- *
Matching in nixpkgs
pkgs.gnutls
GNU Transport Layer Security Library
pkgs.guile-gnutls
Guile bindings for GnuTLS library
pkgs.python311Packages.python3-gnutls
Python wrapper for the GnuTLS library
-
nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
pkgs.python312Packages.python3-gnutls
Python wrapper for the GnuTLS library
-
nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
pkgs.python313Packages.python3-gnutls
Python wrapper for the GnuTLS library
-
nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
Package maintainers
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
-
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>