CVE-2025-32988 · HIGH 8.2 · EPSS p63.8%


Description

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 1.19% probability of exploitation · percentile 63.8% · 2026-06-18T12:00:27Z
Published: 2025-07-10
Last modified: 2026-05-12

Underlying weaknesses · 1

CWE-415

References

  1. https://access.redhat.com/errata/RHSA-2025:16115
  2. https://access.redhat.com/errata/RHSA-2025:16116
  3. https://access.redhat.com/errata/RHSA-2025:17181
  4. https://access.redhat.com/errata/RHSA-2025:17348
  5. https://access.redhat.com/errata/RHSA-2025:17361
  6. https://access.redhat.com/errata/RHSA-2025:17415
  7. https://access.redhat.com/errata/RHSA-2025:19088
  8. https://access.redhat.com/errata/RHSA-2025:22529


Type: Weakness
Target: Double Free (cwe-415)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-32990
  2. CVE: CVE-2025-14831
  3. CVE: CVE-2025-47917
  4. CVE: CVE-2026-33845
  5. CVE: CVE-2026-33846
  6. CVE: CVE-2026-42013

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.