Main Vulnerability Database SB2025080167

SB2025080167 - SUSE update for gnutls

Published: August 1, 2025

Security Bulletin ID SB2025080167

Severity

High

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Double free (CVE-ID: CVE-2025-32988)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when exporting a certificate with an otherName in the SAN (subject alternative name) extension. A remote attacker can trick the victim into export a specially crafted certificate, trigger a double free error on the ASN.1 structure and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Heap-based buffer overflow (CVE-ID: CVE-2025-32989)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. A remote attacker can supply a specially crafted X.509 certificate to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) NULL pointer dereference (CVE-ID: CVE-2025-32990)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when the certtool program is invoked with a template file with a number of string pairs for a single keyword. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2025-6395)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when a TLS 1.3 handshake involves a Hello Retry Request and the second Client Hello omits the PSK which was present in the first Client Hello. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202502595-1/

Vulnerable Software

Basesystem Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP6 - SP7
SUSE Linux Enterprise Server 15: SP6 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
openSUSE Leap: 15.6
libgnutls-devel-64bit: before 3.8.3-150600.4.9.1
libgnutls30-64bit-debuginfo: before 3.8.3-150600.4.9.1
libgnutls30-64bit: before 3.8.3-150600.4.9.1
libgnutls30-32bit-debuginfo: before 3.8.3-150600.4.9.1
libgnutls-devel-32bit: before 3.8.3-150600.4.9.1
libgnutls30-32bit: before 3.8.3-150600.4.9.1
libgnutlsxx30-debuginfo: before 3.8.3-150600.4.9.1
gnutls: before 3.8.3-150600.4.9.1
libgnutls30: before 3.8.3-150600.4.9.1
libgnutls30-debuginfo: before 3.8.3-150600.4.9.1
gnutls-debuginfo: before 3.8.3-150600.4.9.1
libgnutlsxx-devel: before 3.8.3-150600.4.9.1
libgnutls-devel: before 3.8.3-150600.4.9.1
gnutls-debugsource: before 3.8.3-150600.4.9.1
libgnutlsxx30: before 3.8.3-150600.4.9.1