CVE-2025-32989
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
Vendor
Product
CWE
Yayın Tarihi
2025-07-10 08:15:24
Güncelleme
2025-12-01 22:15:48
Source Identifier
secalert@redhat.com
KEV Date Added
-
Kategoriler
Referanslar
https://access.redhat.com/errata/RHSA-2025:16115
https://access.redhat.com/errata/RHSA-2025:16116
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:17348
https://access.redhat.com/errata/RHSA-2025:17361
https://access.redhat.com/errata/RHSA-2025:19088
https://access.redhat.com/errata/RHSA-2025:22529
https://access.redhat.com/security/cve/CVE-2025-32989
https://bugzilla.redhat.com/show_bug.cgi?id=2359621
http://www.openwall.com/lists/oss-security/2025/07/11/3