Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-32989 (GCVE-0-2025-32989)
Vulnerability from cvelistv5
- CWE-295 - Improper Certificate Validation
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-32989", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-10T20:04:51.314429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-10T20:06:49.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.gnutls.org/", "defaultStatus": "unaffected", "packageName": "libgnutls", "versions": [ { "lessThan": "3.8.10", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10.0" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.9-9.el10_0.14", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-6.el9_6.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-6.el9_6.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4.4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:discovery:2::el9" ], "defaultStatus": "affected", "packageName": "discovery/discovery-ui-rhel9", "product": "Red Hat Discovery 2", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2025-07-10T07:54:13.541Z", "descriptions": [ { "lang": "en", "value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-23T19:29:14.230Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2025:16115", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "name": "RHSA-2025:16116", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "name": "RHSA-2025:17348", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "name": "RHSA-2025:17361", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "name": "RHSA-2025:19088", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "name": "RHBZ#2359621", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" } ], "timeline": [ { "lang": "en", "time": "2025-04-15T01:21:36.512000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-07-10T07:54:13.541000+00:00", "value": "Made public." } ], "title": "Gnutls: vulnerability in gnutls sct extension parsing", "workarounds": [ { "lang": "en", "value": "Currently, no mitigation is available for this vulnerability." } ], "x_redhatCweChain": "CWE-295: Improper Certificate Validation" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-32989", "datePublished": "2025-07-10T08:05:26.307Z", "dateReserved": "2025-04-15T01:31:12.104Z", "dateUpdated": "2025-10-23T19:29:14.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-32989\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-07-10T08:15:24.430\",\"lastModified\":\"2025-10-23T20:15:38.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad de sobrelectura del b\u00fafer de mont\u00f3n en GnuTLS en la gesti\u00f3n de la extensi\u00f3n de marca de tiempo del certificado firmado (SCT) de Transparencia de Certificado (CT) durante el an\u00e1lisis de certificados X.509. Esta falla permite a un usuario malintencionado crear un certificado con una extensi\u00f3n SCT mal formada (OID 1.3.6.1.4.1.11129.2.4.2) que contiene datos confidenciales. Este problema provoca la exposici\u00f3n de informaci\u00f3n confidencial cuando GnuTLS verifica certificados de ciertos sitios web cuando la SCT no se verifica correctamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33A22858-21E1-479F-A9C4-AD2EFD059B93\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16115\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16116\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:17348\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:17361\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19088\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-32989\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2359621\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32989\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-10T20:04:51.314429Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-10T20:06:45.412Z\"}}], \"cna\": {\"title\": \"Gnutls: vulnerability in gnutls sct extension parsing\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.10\", \"versionType\": \"semver\"}], \"packageName\": \"libgnutls\", \"collectionURL\": \"https://www.gnutls.org/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.8.9-9.el10_0.14\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.8.3-6.el9_6.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.8.3-6.el9_6.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.7.6-21.el9_2.4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.8.3-4.el9_4.4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-ui-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-15T01:21:36.512000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-07-10T07:54:13.541000+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-07-10T07:54:13.541Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:16115\", \"name\": \"RHSA-2025:16115\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:16116\", \"name\": \"RHSA-2025:16116\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:17348\", \"name\": \"RHSA-2025:17348\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:17361\", \"name\": \"RHSA-2025:17361\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19088\", \"name\": \"RHSA-2025:19088\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-32989\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2359621\", \"name\": \"RHBZ#2359621\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Currently, no mitigation is available for this vulnerability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-10-23T19:29:14.230Z\"}, \"x_redhatCweChain\": \"CWE-295: Improper Certificate Validation\"}}", "cveMetadata": "{\"cveId\": \"CVE-2025-32989\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-23T19:29:14.230Z\", \"dateReserved\": \"2025-04-15T01:31:12.104Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-07-10T08:05:26.307Z\", \"assignerShortName\": \"redhat\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
ssa-082556
Vulnerability from csaf_siemens
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "category": "self", "summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-082556.json" } ], "title": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5", "tracking": { "current_release_date": "2025-08-12T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-082556", "initial_release_date": "2025-06-10T00:00:00Z", "revision_history": [ { "date": "2025-06-10T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2025-08-12T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Added CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990" } ], "status": "interim", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)", "product_id": "1", "product_identification_helper": { "model_numbers": [ "6ES7518-4AX00-1AB0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)", "product_id": "2", "product_identification_helper": { "model_numbers": [ "6ES7518-4AX00-1AC0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)", "product_id": "3", "product_identification_helper": { "model_numbers": [ "6ES7518-4FX00-1AB0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)", "product_id": "4", "product_identification_helper": { "model_numbers": [ "6ES7518-4FX00-1AC0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)", "product_id": "5", "product_identification_helper": { "model_numbers": [ "6AG1518-4AX00-4AC0" ] } } } ], "category": "product_name", "name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-41617", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2021-41617" }, { "cve": "CVE-2023-4527", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-4527" }, { "cve": "CVE-2023-4806", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-4806" }, { "cve": "CVE-2023-4911", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-4911" }, { "cve": "CVE-2023-5363", "cwe": { "id": "CWE-684", "name": "Incorrect Provision of Specified Functionality" }, "notes": [ { "category": "summary", "text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-5363" }, { "cve": "CVE-2023-6246", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-6246" }, { "cve": "CVE-2023-6779", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-6779" }, { "cve": "CVE-2023-6780", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-6780" }, { "cve": "CVE-2023-28531", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-28531" }, { "cve": "CVE-2023-38545", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-38545" }, { "cve": "CVE-2023-38546", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "notes": [ { "category": "summary", "text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-38546" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-44487" }, { "cve": "CVE-2023-46218", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-46218" }, { "cve": "CVE-2023-46219", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-46219" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "notes": [ { "category": "summary", "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-48795" }, { "cve": "CVE-2023-51384", "cwe": { "id": "CWE-304", "name": "Missing Critical Step in Authentication" }, "notes": [ { "category": "summary", "text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-51384" }, { "cve": "CVE-2023-51385", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "notes": [ { "category": "summary", "text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-51385" }, { "cve": "CVE-2023-52927", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2023-52927" }, { "cve": "CVE-2024-2961", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-2961" }, { "cve": "CVE-2024-6119", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "summary", "text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-6119" }, { "cve": "CVE-2024-6387", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "summary", "text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-6387" }, { "cve": "CVE-2024-12133", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "summary", "text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-12133" }, { "cve": "CVE-2024-12243", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "summary", "text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-12243" }, { "cve": "CVE-2024-24855", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-24855" }, { "cve": "CVE-2024-26596", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-26596" }, { "cve": "CVE-2024-28085", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-28085" }, { "cve": "CVE-2024-33599", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "nscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\r\nby client requests then a subsequent client request for netgroup data\r\nmay result in a stack-based buffer overflow. This flaw was introduced\r\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-33599" }, { "cve": "CVE-2024-33600", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "nscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\r\nnetgroup response to the cache, the client request can result in a null\r\npointer dereference. This flaw was introduced in glibc 2.15 when the\r\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-33600" }, { "cve": "CVE-2024-33601", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "nscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\r\nxrealloc and these functions may terminate the process due to a memory\r\nallocation failure resulting in a denial of service to the clients. The\r\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-33601" }, { "cve": "CVE-2024-33602", "cwe": { "id": "CWE-466", "name": "Return of Pointer Value Outside of Expected Range" }, "notes": [ { "category": "summary", "text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\r\nwhen the NSS callback does not store all strings in the provided buffer.\r\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-33602" }, { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-34397" }, { "cve": "CVE-2024-37370", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "summary", "text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-37370" }, { "cve": "CVE-2024-37371", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "summary", "text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-37371" }, { "cve": "CVE-2024-45490", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-45490" }, { "cve": "CVE-2024-45491", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-45491" }, { "cve": "CVE-2024-45492", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-45492" }, { "cve": "CVE-2024-50246", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/ntfs3: Add rough attr alloc_size check", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-50246" }, { "cve": "CVE-2024-53166", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "block, bfq: bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-\u003elock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-53166" }, { "cve": "CVE-2024-57977", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "summary", "text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-57977" }, { "cve": "CVE-2024-57996", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "summary", "text": "net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-57996" }, { "cve": "CVE-2024-58005", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "tpm: Change to kvalloc() in eventlog/acpi.c.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2024-58005" }, { "cve": "CVE-2025-4373", "cwe": { "id": "CWE-124", "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)" }, "notes": [ { "category": "summary", "text": "GLib is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-4373" }, { "cve": "CVE-2025-4598", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "summary", "text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\r\n\r\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-4598" }, { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-6395" }, { "cve": "CVE-2025-21701", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21701" }, { "cve": "CVE-2025-21702", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21702" }, { "cve": "CVE-2025-21712", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "md/md-bitmap: vulnerability caused by bitmap_get_stats() can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats() with bitmap_info.mutex.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21712" }, { "cve": "CVE-2025-21724", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index(). Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift (an unsigned long value) could result in undefined behavior. The constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21724" }, { "cve": "CVE-2025-21728", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21728" }, { "cve": "CVE-2025-21745", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21745" }, { "cve": "CVE-2025-21756", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21756" }, { "cve": "CVE-2025-21758", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21758" }, { "cve": "CVE-2025-21765", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21765" }, { "cve": "CVE-2025-21766", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv4: use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21766" }, { "cve": "CVE-2025-21767", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0 It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context. Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21767" }, { "cve": "CVE-2025-21795", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21795" }, { "cve": "CVE-2025-21796", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21796" }, { "cve": "CVE-2025-21848", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\r\n\r\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\r\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21848" }, { "cve": "CVE-2025-21862", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "summary", "text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21862" }, { "cve": "CVE-2025-21864", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: drop secpath at the same time as we currently drop dst\r\n\r\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\r\nrunning tests that boil down to:\r\n - create a pair of netns\r\n - run a basic TCP test over ipcomp6\r\n - delete the pair of netns\r\n\r\nThe xfrm_state found on spi_byaddr was not deleted at the time we\r\ndelete the netns, because we still have a reference on it. This\r\nlingering reference comes from a secpath (which holds a ref on the\r\nxfrm_state), which is still attached to an skb. This skb is not\r\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\r\nskb_attempt_defer_free.\r\n\r\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\r\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\r\nthat case, we still have a reference on the xfrm_state that we don\u0027t\r\nexpect at this point.\r\n\r\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\r\nlonger needed, so let\u0027s also drop the secpath. At this point,\r\ntcp_filter has already called into the LSM hooks that may require the\r\nsecpath, so it should not be needed anymore. However, in some of those\r\nplaces, the MPTCP extension has just been attached to the skb, so we\r\ncannot simply drop all extensions.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21864" }, { "cve": "CVE-2025-21865", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-21865" }, { "cve": "CVE-2025-26465", "cwe": { "id": "CWE-390", "name": "Detection of Error Condition Without Action" }, "notes": [ { "category": "summary", "text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-26465" }, { "cve": "CVE-2025-31115", "cwe": { "id": "CWE-826", "name": "Premature Release of Resource During Expected Lifetime" }, "notes": [ { "category": "summary", "text": "The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-31115" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "summary", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-32989" }, { "cve": "CVE-2025-46836", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5" ] } ], "title": "CVE-2025-46836" } ] }
CERTFR-2025-AVI-0663
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans GnuTLS. Elles permettent à un attaquant de provoquer un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Title | Publication Time | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "GnuTLS versions ant\u00e9rieures \u00e0 3.8.10", "product": { "name": "GnuTLS", "vendor": { "name": "GnuTLS", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "name": "CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "name": "CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "name": "CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" } ], "initial_release_date": "2025-08-08T00:00:00", "last_revision_date": "2025-08-08T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0663", "revisions": [ { "description": "Version initiale", "revision_date": "2025-08-08T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GnuTLS. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans GnuTLS", "vendor_advisories": [ { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 GnuTLS GNUTLS-SA-2025-07-08-3", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-07-08-3" }, { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 GnuTLS GNUTLS-SA-2025-07-08-2", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-07-08-2" }, { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 GnuTLS GNUTLS-SA-2025-07-08-1", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-07-08-1" }, { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 GnuTLS GNUTLS-SA-2025-07-08-4", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-07-08-4" } ] }
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11", "product": { "name": "Tanzu Application Service", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11", "product": { "name": "Tanzu Application Service", "vendor": { "name": "VMware", "scada": false } } }, { "description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "name": "CVE-2022-3602", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602" }, { "name": "CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "name": "CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "name": "CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "name": "CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "name": "CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "name": "CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "name": "CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "name": "CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "name": "CVE-2022-32149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149" }, { "name": "CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "name": "CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "name": "CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "name": "CVE-2022-3786", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786" }, { "name": "CVE-2022-29526", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526" }, { "name": "CVE-2022-32205", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205" }, { "name": "CVE-2022-32206", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206" }, { "name": "CVE-2022-3996", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996" }, { "name": "CVE-2022-24921", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921" }, { "name": "CVE-2022-1434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434" }, { "name": "CVE-2022-1292", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292" }, { "name": "CVE-2022-1343", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343" }, { "name": "CVE-2022-1473", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473" }, { "name": "CVE-2022-27774", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774" }, { "name": "CVE-2022-27775", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775" }, { "name": "CVE-2022-22576", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576" }, { "name": "CVE-2022-27776", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776" }, { "name": "CVE-2022-2068", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068" }, { "name": "CVE-2022-27191", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" }, { "name": "CVE-2022-2097", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097" }, { "name": "CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "name": "CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "name": "CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "name": "CVE-2022-27782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782" }, { "name": "CVE-2022-32208", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208" }, { "name": "CVE-2022-27781", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781" }, { "name": "CVE-2022-32207", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207" }, { "name": "CVE-2022-3358", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358" }, { "name": "CVE-2022-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271" }, { "name": "CVE-2022-32221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221" }, { "name": "CVE-2022-42916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916" }, { "name": "CVE-2022-35252", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252" }, { "name": "CVE-2022-42915", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915" }, { "name": "CVE-2022-43551", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551" }, { "name": "CVE-2022-43552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552" }, { "name": "CVE-2022-4304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304" }, { "name": "CVE-2022-4203", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2023-0401", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401" }, { "name": "CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "name": "CVE-2023-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217" }, { "name": "CVE-2023-0216", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216" }, { "name": "CVE-2022-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450" }, { "name": "CVE-2023-23915", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915" }, { "name": "CVE-2023-23914", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914" }, { "name": "CVE-2023-23916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916" }, { "name": "CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "name": "CVE-2023-0464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464" }, { "name": "CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "name": "CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "name": "CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "name": "CVE-2022-41716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716" }, { "name": "CVE-2023-0466", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466" }, { "name": "CVE-2023-0465", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465" }, { "name": "CVE-2022-30629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629" }, { "name": "CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "name": "CVE-2022-41722", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41722" }, { "name": "CVE-2022-30580", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580" }, { "name": "CVE-2022-41720", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41720" }, { "name": "CVE-2022-41725", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725" }, { "name": "CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "name": "CVE-2023-24532", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532" }, { "name": "CVE-2023-24537", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537" }, { "name": "CVE-2023-2650", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650" }, { "name": "CVE-2022-30634", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30634" }, { "name": "CVE-2023-27533", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533" }, { "name": "CVE-2023-27534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534" }, { "name": "CVE-2022-27780", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27780" }, { "name": "CVE-2022-29804", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29804" }, { "name": "CVE-2023-24536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536" }, { "name": "CVE-2023-24538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538" }, { "name": "CVE-2023-1255", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2023-28320", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320" }, { "name": "CVE-2023-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321" }, { "name": "CVE-2023-24540", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540" }, { "name": "CVE-2023-29400", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400" }, { "name": "CVE-2023-24539", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539" }, { "name": "CVE-2023-2975", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975" }, { "name": "CVE-2023-3446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446" }, { "name": "CVE-2023-28319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319" }, { "name": "CVE-2023-3817", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817" }, { "name": "CVE-2023-29404", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404" }, { "name": "CVE-2023-29402", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402" }, { "name": "CVE-2023-29403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403" }, { "name": "CVE-2023-29405", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2023-29409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409" }, { "name": "CVE-2023-29406", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406" }, { "name": "CVE-2023-40403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "name": "CVE-2016-1000027", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027" }, { "name": "CVE-2023-5363", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-5678", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678" }, { "name": "CVE-2023-40217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217" }, { "name": "CVE-2022-0563", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0563" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2023-6237", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237" }, { "name": "CVE-2023-39323", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323" }, { "name": "CVE-2023-36617", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36617" }, { "name": "CVE-2022-23471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471" }, { "name": "CVE-2023-25153", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153" }, { "name": "CVE-2023-24534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2023-39318", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318" }, { "name": "CVE-2023-39319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319" }, { "name": "CVE-2024-0727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2023-25173", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173" }, { "name": "CVE-2022-31030", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2023-36632", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632" }, { "name": "CVE-2024-28085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085" }, { "name": "CVE-2024-2511", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511" }, { "name": "CVE-2020-22916", "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916" }, { "name": "CVE-2023-3978", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978" }, { "name": "CVE-2023-2253", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253" }, { "name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2024-21011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011" }, { "name": "CVE-2024-21094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094" }, { "name": "CVE-2024-21068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068" }, { "name": "CVE-2024-21085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085" }, { "name": "CVE-2024-21012", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21012" }, { "name": "CVE-2023-28841", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841" }, { "name": "CVE-2023-28842", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842" }, { "name": "CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "name": "CVE-2023-45283", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283" }, { "name": "CVE-2023-28840", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840" }, { "name": "CVE-2023-45285", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285" }, { "name": "CVE-2023-45284", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284" }, { "name": "CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "name": "CVE-2024-4603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603" }, { "name": "CVE-2023-6378", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378" }, { "name": "CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "name": "CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "name": "CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "name": "CVE-2024-24784", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784" }, { "name": "CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "name": "CVE-2024-4741", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741" }, { "name": "CVE-2024-35255", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255" }, { "name": "CVE-2024-24557", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557" }, { "name": "CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "name": "CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-5535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535" }, { "name": "CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "name": "CVE-2024-0397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397" }, { "name": "CVE-2024-4030", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030" }, { "name": "CVE-2024-4032", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032" }, { "name": "CVE-2024-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450" }, { "name": "CVE-2024-36945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945" }, { "name": "CVE-2024-21131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131" }, { "name": "CVE-2024-21138", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138" }, { "name": "CVE-2024-21140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140" }, { "name": "CVE-2024-21144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144" }, { "name": "CVE-2024-21145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145" }, { "name": "CVE-2024-21147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147" }, { "name": "CVE-2023-28756", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28756" }, { "name": "CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "name": "CVE-2024-3219", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219" }, { "name": "CVE-2023-45287", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287" }, { "name": "CVE-2024-24787", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787" }, { "name": "CVE-2024-42230", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230" }, { "name": "CVE-2024-6232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232" }, { "name": "CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "name": "CVE-2022-24769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24769" }, { "name": "CVE-2024-41110", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110" }, { "name": "CVE-2024-38816", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816" }, { "name": "CVE-2024-7264", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264" }, { "name": "CVE-2024-8096", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096" }, { "name": "CVE-2024-46812", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812" }, { "name": "CVE-2024-46821", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821" }, { "name": "CVE-2024-24789", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789" }, { "name": "CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "name": "CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "name": "CVE-2024-34158", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158" }, { "name": "CVE-2024-46753", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753" }, { "name": "CVE-2024-46787", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787" }, { "name": "CVE-2024-24790", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790" }, { "name": "CVE-2024-21208", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208" }, { "name": "CVE-2024-21210", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210" }, { "name": "CVE-2024-21217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217" }, { "name": "CVE-2024-21235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235" }, { "name": "CVE-2024-9143", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143" }, { "name": "CVE-2024-38819", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819" }, { "name": "CVE-2024-38820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820" }, { "name": "CVE-2024-34447", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447" }, { "name": "CVE-2024-7592", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592" }, { "name": "CVE-2024-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088" }, { "name": "CVE-2024-9681", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681" }, { "name": "CVE-2024-11168", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168" }, { "name": "CVE-2024-38828", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828" }, { "name": "CVE-2024-50047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047" }, { "name": "CVE-2024-11053", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053" }, { "name": "CVE-2024-47554", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554" }, { "name": "CVE-2024-53051", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051" }, { "name": "CVE-2024-0406", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406" }, { "name": "CVE-2024-53144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144" }, { "name": "CVE-2024-8805", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805" }, { "name": "CVE-2025-21502", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502" }, { "name": "CVE-2024-27282", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282" }, { "name": "CVE-2025-0938", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938" }, { "name": "CVE-2024-56664", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664" }, { "name": "CVE-2025-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167" }, { "name": "CVE-2025-0725", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725" }, { "name": "CVE-2024-50602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602" }, { "name": "CVE-2024-13176", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176" }, { "name": "CVE-2025-1795", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795" }, { "name": "CVE-2024-51744", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744" }, { "name": "CVE-2024-24791", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791" }, { "name": "CVE-2025-22228", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228" }, { "name": "CVE-2023-24531", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24531" }, { "name": "CVE-2024-45336", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336" }, { "name": "CVE-2024-45337", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337" }, { "name": "CVE-2024-45341", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341" }, { "name": "CVE-2025-22866", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866" }, { "name": "CVE-2025-22870", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870" }, { "name": "CVE-2024-56171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171" }, { "name": "CVE-2025-27113", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113" }, { "name": "CVE-2020-36843", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36843" }, { "name": "CVE-2025-21587", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587" }, { "name": "CVE-2025-30691", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30691" }, { "name": "CVE-2025-30698", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698" }, { "name": "CVE-2025-24928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928" }, { "name": "CVE-2025-21941", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941" }, { "name": "CVE-2025-21956", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956" }, { "name": "CVE-2025-21957", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957" }, { "name": "CVE-2025-21959", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959" }, { "name": "CVE-2025-21962", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962" }, { "name": "CVE-2025-21963", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963" }, { "name": "CVE-2025-21964", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964" }, { "name": "CVE-2025-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968" }, { "name": "CVE-2025-21970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970" }, { "name": "CVE-2025-21975", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975" }, { "name": "CVE-2025-21981", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981" }, { "name": "CVE-2025-21991", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991" }, { "name": "CVE-2025-21992", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992" }, { "name": "CVE-2025-21994", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994" }, { "name": "CVE-2025-21996", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996" }, { "name": "CVE-2025-21999", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999" }, { "name": "CVE-2025-22004", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004" }, { "name": "CVE-2025-22005", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005" }, { "name": "CVE-2025-22007", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007" }, { "name": "CVE-2025-22008", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008" }, { "name": "CVE-2025-22010", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010" }, { "name": "CVE-2025-22014", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014" }, { "name": "CVE-2020-15250", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15250" }, { "name": "CVE-2024-12798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798" }, { "name": "CVE-2024-12801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801" }, { "name": "CVE-2024-29018", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29018" }, { "name": "CVE-2025-21613", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21613" }, { "name": "CVE-2025-21614", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21614" }, { "name": "CVE-2025-22868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868" }, { "name": "CVE-2025-22871", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871" }, { "name": "CVE-2025-22235", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235" }, { "name": "CVE-2025-2312", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312" }, { "name": "CVE-2025-31650", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650" }, { "name": "CVE-2025-31651", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651" }, { "name": "CVE-2025-30204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204" }, { "name": "CVE-2023-53034", "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034" }, { "name": "CVE-2025-22025", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025" }, { "name": "CVE-2025-22035", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035" }, { "name": "CVE-2025-22044", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044" }, { "name": "CVE-2025-22045", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045" }, { "name": "CVE-2025-22050", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050" }, { "name": "CVE-2025-22054", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054" }, { "name": "CVE-2025-22055", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055" }, { "name": "CVE-2025-22056", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056" }, { "name": "CVE-2025-22060", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060" }, { "name": "CVE-2025-22063", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063" }, { "name": "CVE-2025-22066", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066" }, { "name": "CVE-2025-22071", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071" }, { "name": "CVE-2025-22073", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073" }, { "name": "CVE-2025-22075", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075" }, { "name": "CVE-2025-22079", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079" }, { "name": "CVE-2025-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081" }, { "name": "CVE-2025-22086", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086" }, { "name": "CVE-2025-22089", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089" }, { "name": "CVE-2025-22097", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097" }, { "name": "CVE-2025-23136", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136" }, { "name": "CVE-2025-23138", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138" }, { "name": "CVE-2025-37785", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785" }, { "name": "CVE-2025-38152", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152" }, { "name": "CVE-2025-38575", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575" }, { "name": "CVE-2025-38637", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637" }, { "name": "CVE-2025-39728", "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728" }, { "name": "CVE-2025-39735", "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735" }, { "name": "CVE-2025-4516", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516" }, { "name": "CVE-2025-22233", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233" }, { "name": "CVE-2024-9287", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287" }, { "name": "CVE-2025-4575", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4575" }, { "name": "CVE-2022-49728", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728" }, { "name": "CVE-2024-58093", "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093" }, { "name": "CVE-2025-22018", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018" }, { "name": "CVE-2025-22020", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020" }, { "name": "CVE-2025-37798", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798" }, { "name": "CVE-2025-22869", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869" }, { "name": "CVE-2025-46701", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701" }, { "name": "CVE-2025-22021", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021" }, { "name": "CVE-2025-37889", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889" }, { "name": "CVE-2025-37937", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937" }, { "name": "CVE-2025-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890" }, { "name": "CVE-2025-37932", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932" }, { "name": "CVE-2025-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517" }, { "name": "CVE-2025-4330", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330" }, { "name": "CVE-2025-4138", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138" }, { "name": "CVE-2024-12718", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718" }, { "name": "CVE-2025-4435", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435" }, { "name": "CVE-2025-41234", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234" }, { "name": "CVE-2025-49146", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146" }, { "name": "CVE-2025-27219", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219" }, { "name": "CVE-2025-27220", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220" }, { "name": "CVE-2025-48976", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976" }, { "name": "CVE-2025-48988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988" }, { "name": "CVE-2025-49124", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124" }, { "name": "CVE-2025-49125", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125" }, { "name": "CVE-2024-53427", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427" }, { "name": "CVE-2025-22872", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872" }, { "name": "CVE-2025-6020", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020" }, { "name": "CVE-2022-49636", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636" }, { "name": "CVE-2025-37997", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997" }, { "name": "CVE-2025-38000", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000" }, { "name": "CVE-2025-38001", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001" }, { "name": "CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "name": "CVE-2025-32462", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462" }, { "name": "CVE-2025-52434", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434" }, { "name": "CVE-2025-53506", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506" }, { "name": "CVE-2024-47081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081" }, { "name": "CVE-2025-30749", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749" }, { "name": "CVE-2025-30754", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754" }, { "name": "CVE-2025-30761", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761" }, { "name": "CVE-2025-50059", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059" }, { "name": "CVE-2025-50106", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106" }, { "name": "CVE-2025-48734", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734" }, { "name": "CVE-2021-3995", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3995" }, { "name": "CVE-2021-3996", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3996" }, { "name": "CVE-2022-28948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948" }, { "name": "CVE-2022-29173", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29173" }, { "name": "CVE-2022-35929", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35929" }, { "name": "CVE-2022-36056", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36056" }, { "name": "CVE-2022-36109", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36109" }, { "name": "CVE-2023-28755", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28755" }, { "name": "CVE-2023-30551", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30551" }, { "name": "CVE-2023-33199", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33199" }, { "name": "CVE-2023-33202", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202" }, { "name": "CVE-2023-46737", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46737" }, { "name": "CVE-2024-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337" }, { "name": "CVE-2024-24579", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24579" }, { "name": "CVE-2024-29902", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29902" }, { "name": "CVE-2024-29903", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29903" }, { "name": "CVE-2024-40635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40635" }, { "name": "CVE-2024-41909", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41909" }, { "name": "CVE-2024-45339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339" }, { "name": "CVE-2024-47611", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611" }, { "name": "CVE-2024-52587", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52587" }, { "name": "CVE-2024-6104", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104" }, { "name": "CVE-2025-0913", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913" }, { "name": "CVE-2025-22874", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874" }, { "name": "CVE-2025-25186", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25186" }, { "name": "CVE-2025-27221", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221" }, { "name": "CVE-2025-29786", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29786" }, { "name": "CVE-2025-32441", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32441" }, { "name": "CVE-2025-32955", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32955" }, { "name": "CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "name": "CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "name": "CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "name": "CVE-2025-3445", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445" }, { "name": "CVE-2025-38177", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177" }, { "name": "CVE-2025-46727", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46727" }, { "name": "CVE-2025-4673", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673" }, { "name": "CVE-2025-47290", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47290" }, { "name": "CVE-2025-48060", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060" }, { "name": "CVE-2025-4877", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877" }, { "name": "CVE-2025-4878", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878" }, { "name": "CVE-2025-48924", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924" }, { "name": "CVE-2025-49014", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014" }, { "name": "CVE-2025-4949", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4949" }, { "name": "CVE-2025-50181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181" }, { "name": "CVE-2025-5318", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318" }, { "name": "CVE-2025-5372", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372" }, { "name": "CVE-2025-5914", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914" }, { "name": "CVE-2025-5915", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915" }, { "name": "CVE-2025-5916", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916" }, { "name": "CVE-2025-5917", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917" }, { "name": "CVE-2025-6069", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069" }, { "name": "CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" } ], "initial_release_date": "2025-07-25T00:00:00", "last_revision_date": "2025-07-25T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0622", "revisions": [ { "description": "Version initiale", "revision_date": "2025-07-25T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware", "vendor_advisories": [ { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35981", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35967", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35980", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35974", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35979", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35984", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35970", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35983", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35978", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35968", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35973", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35976", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35969", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35966", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35972", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35977", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35982", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35971", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971" }, { "published_at": "2025-07-24", "title": "Bulletin de s\u00e9curit\u00e9 VMware 35975", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975" } ] }
CERTFR-2025-AVI-0756
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T | ||
VMware | Tanzu | Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2 | ||
VMware | Tanzu | Java Buildpack versions antérieures à 4.84.0 | ||
VMware | Tanzu | Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894 | ||
VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9 | ||
VMware | Tanzu | Tanzu Scheduler versions antérieures à 2.0.20 | ||
VMware | Tanzu | Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9 | ||
VMware | Tanzu | Tanzu GemFire versions antérieures à 10.1.4 | ||
VMware | Tanzu Operations Manager | Tanzu Operations Manager versions antérieures à 3.1.2 | ||
VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T | ||
VMware | Tanzu | Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12 | ||
VMware | Tanzu | Tanzu Hub versions antérieures à 10.2.1 | ||
VMware | Tanzu | Stemcells pour Ubuntu Jammy versions antérieures à 1.894 |
Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2", "product": { "name": "Tanzu Operations Manager", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T", "product": { "name": "Tanzu Platform", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } }, { "description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894", "product": { "name": "Tanzu", "vendor": { "name": "VMware", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "name": "CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "name": "CVE-2021-44228", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "CVE-2013-1548", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1548" }, { "name": "CVE-2015-4779", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4779" }, { "name": "CVE-2015-4780", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4780" }, { "name": "CVE-2015-4787", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4787" }, { "name": "CVE-2015-4790", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4790" }, { "name": "CVE-2015-4778", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4778" }, { "name": "CVE-2015-4782", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4782" }, { "name": "CVE-2015-4789", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4789" }, { "name": "CVE-2015-4764", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4764" }, { "name": "CVE-2015-4783", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4783" }, { "name": "CVE-2015-2583", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2583" }, { "name": "CVE-2015-4781", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4781" }, { "name": "CVE-2015-4776", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4776" }, { "name": "CVE-2015-4786", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4786" }, { "name": "CVE-2015-2656", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2656" }, { "name": "CVE-2015-4788", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4788" }, { "name": "CVE-2015-4785", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4785" }, { "name": "CVE-2015-4754", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4754" }, { "name": "CVE-2015-4775", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4775" }, { "name": "CVE-2015-4777", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4777" }, { "name": "CVE-2015-2640", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2640" }, { "name": "CVE-2015-4774", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4774" }, { "name": "CVE-2015-2626", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2626" }, { "name": "CVE-2015-2624", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2624" }, { "name": "CVE-2015-4784", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4784" }, { "name": "CVE-2015-2654", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2654" }, { "name": "CVE-2017-8046", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8046" }, { "name": "CVE-2018-3280", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3280" }, { "name": "CVE-2018-3137", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3137" }, { "name": "CVE-2018-3285", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3285" }, { "name": "CVE-2018-3182", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3182" }, { "name": "CVE-2018-3186", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3186" }, { "name": "CVE-2018-3195", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3195" }, { "name": "CVE-2018-3286", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3286" }, { "name": "CVE-2018-3170", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3170" }, { "name": "CVE-2018-3279", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3279" }, { "name": "CVE-2018-3212", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3212" }, { "name": "CVE-2018-3203", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3203" }, { "name": "CVE-2018-3145", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3145" }, { "name": "CVE-2019-2530", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2530" }, { "name": "CVE-2019-2436", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2436" }, { "name": "CVE-2019-2539", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2539" }, { "name": "CVE-2019-2494", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2494" }, { "name": "CVE-2019-2535", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2535" }, { "name": "CVE-2019-2533", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2533" }, { "name": "CVE-2019-2495", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2495" }, { "name": "CVE-2019-2513", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2513" }, { "name": "CVE-2019-2536", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2536" }, { "name": "CVE-2019-2502", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2502" }, { "name": "CVE-2019-2634", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2634" }, { "name": "CVE-2019-2587", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2587" }, { "name": "CVE-2019-2584", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2584" }, { "name": "CVE-2019-2691", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2691" }, { "name": "CVE-2019-2606", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2606" }, { "name": "CVE-2019-2630", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2630" }, { "name": "CVE-2019-2624", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2624" }, { "name": "CVE-2019-2623", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2623" }, { "name": "CVE-2019-2695", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2695" }, { "name": "CVE-2019-2596", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2596" }, { "name": "CVE-2019-2580", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2580" }, { "name": "CVE-2019-2644", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2644" }, { "name": "CVE-2019-2681", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2681" }, { "name": "CVE-2019-2617", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2617" }, { "name": "CVE-2019-2636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2636" }, { "name": "CVE-2019-2689", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2689" }, { "name": "CVE-2019-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2693" }, { "name": "CVE-2019-2593", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2593" }, { "name": "CVE-2019-2625", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2625" }, { "name": "CVE-2019-2585", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2585" }, { "name": "CVE-2019-2631", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2631" }, { "name": "CVE-2019-2694", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2694" }, { "name": "CVE-2019-2620", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2620" }, { "name": "CVE-2019-2688", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2688" }, { "name": "CVE-2019-2589", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2589" }, { "name": "CVE-2019-2635", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2635" }, { "name": "CVE-2019-2626", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2626" }, { "name": "CVE-2019-2686", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2686" }, { "name": "CVE-2019-2685", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2685" }, { "name": "CVE-2019-2687", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2687" }, { "name": "CVE-2019-2607", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2607" }, { "name": "CVE-2019-7317", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317" }, { "name": "CVE-2019-2811", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2811" }, { "name": "CVE-2019-2740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2740" }, { "name": "CVE-2019-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2879" }, { "name": "CVE-2019-2808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2808" }, { "name": "CVE-2019-2738", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2738" }, { "name": "CVE-2019-2819", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2819" }, { "name": "CVE-2019-2737", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2737" }, { "name": "CVE-2019-2814", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2814" }, { "name": "CVE-2019-2778", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2778" }, { "name": "CVE-2019-2822", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2822" }, { "name": "CVE-2019-2802", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2802" }, { "name": "CVE-2019-2803", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2803" }, { "name": "CVE-2019-2752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2752" }, { "name": "CVE-2019-2826", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2826" }, { "name": "CVE-2019-2784", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2784" }, { "name": "CVE-2019-2789", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2789" }, { "name": "CVE-2019-2801", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2801" }, { "name": "CVE-2019-2791", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2791" }, { "name": "CVE-2019-2798", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2798" }, { "name": "CVE-2019-2796", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2796" }, { "name": "CVE-2019-2815", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2815" }, { "name": "CVE-2019-2810", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2810" }, { "name": "CVE-2019-2780", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2780" }, { "name": "CVE-2019-2758", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2758" }, { "name": "CVE-2019-2757", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2757" }, { "name": "CVE-2019-2785", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2785" }, { "name": "CVE-2019-2747", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2747" }, { "name": "CVE-2019-2741", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2741" }, { "name": "CVE-2019-2830", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2830" }, { "name": "CVE-2019-2834", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2834" }, { "name": "CVE-2019-2743", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2743" }, { "name": "CVE-2019-2739", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2739" }, { "name": "CVE-2019-2805", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2805" }, { "name": "CVE-2019-2797", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2797" }, { "name": "CVE-2019-2774", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2774" }, { "name": "CVE-2019-2795", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2795" }, { "name": "CVE-2019-2746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2746" }, { "name": "CVE-2019-2812", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2812" }, { "name": "CVE-2019-2924", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2924" }, { "name": "CVE-2019-2914", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2914" }, { "name": "CVE-2019-2960", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2960" }, { "name": "CVE-2019-2923", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2923" }, { "name": "CVE-2019-2968", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2968" }, { "name": "CVE-2019-2993", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2993" }, { "name": "CVE-2019-3009", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3009" }, { "name": "CVE-2019-2969", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2969" }, { "name": "CVE-2019-3011", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3011" }, { "name": "CVE-2019-2967", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2967" }, { "name": "CVE-2019-2946", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2946" }, { "name": "CVE-2019-2966", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2966" }, { "name": "CVE-2019-2957", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2957" }, { "name": "CVE-2019-2948", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2948" }, { "name": "CVE-2019-2922", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2922" }, { "name": "CVE-2019-3004", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3004" }, { "name": "CVE-2019-2998", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2998" }, { "name": "CVE-2019-2911", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2911" }, { "name": "CVE-2019-2950", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2950" }, { "name": "CVE-2019-2910", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2910" }, { "name": "CVE-2019-3018", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3018" }, { "name": "CVE-2019-2974", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2974" }, { "name": "CVE-2019-2991", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2991" }, { "name": "CVE-2019-2997", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2997" }, { "name": "CVE-2019-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2938" }, { "name": "CVE-2019-3003", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3003" }, { "name": "CVE-2019-2982", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2982" }, { "name": "CVE-2019-2963", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2963" }, { "name": "CVE-2020-2579", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2579" }, { "name": "CVE-2020-2584", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2584" }, { "name": "CVE-2020-2577", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2577" }, { "name": "CVE-2020-2679", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2679" }, { "name": "CVE-2020-2570", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2570" }, { "name": "CVE-2020-2572", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2572" }, { "name": "CVE-2020-2627", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2627" }, { "name": "CVE-2020-2660", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2660" }, { "name": "CVE-2020-2589", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2589" }, { "name": "CVE-2020-2573", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2573" }, { "name": "CVE-2020-2686", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2686" }, { "name": "CVE-2020-2694", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2694" }, { "name": "CVE-2020-2574", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2574" }, { "name": "CVE-2020-2770", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2770" }, { "name": "CVE-2020-2925", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2925" }, { "name": "CVE-2020-2853", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2853" }, { "name": "CVE-2020-2774", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2774" }, { "name": "CVE-2020-2928", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2928" }, { "name": "CVE-2020-2897", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2897" }, { "name": "CVE-2020-2812", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2812" }, { "name": "CVE-2020-2765", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2765" }, { "name": "CVE-2020-2761", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2761" }, { "name": "CVE-2020-2790", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2790" }, { "name": "CVE-2020-2752", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2752" }, { "name": "CVE-2020-2904", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2904" }, { "name": "CVE-2020-2893", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2893" }, { "name": "CVE-2020-2760", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2760" }, { "name": "CVE-2020-2780", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2780" }, { "name": "CVE-2020-2903", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2903" }, { "name": "CVE-2020-2924", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2924" }, { "name": "CVE-2020-2806", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2806" }, { "name": "CVE-2020-2922", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2922" }, { "name": "CVE-2020-2901", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2901" }, { "name": "CVE-2020-2926", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2926" }, { "name": "CVE-2020-2923", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2923" }, { "name": "CVE-2020-2921", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2921" }, { "name": "CVE-2020-2779", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2779" }, { "name": "CVE-2020-2892", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2892" }, { "name": "CVE-2020-2896", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2896" }, { "name": "CVE-2020-2804", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2804" }, { "name": "CVE-2020-2895", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2895" }, { "name": "CVE-2020-2930", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2930" }, { "name": "CVE-2020-2814", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2814" }, { "name": "CVE-2020-2759", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2759" }, { "name": "CVE-2020-2763", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2763" }, { "name": "CVE-2020-14550", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14550" }, { "name": "CVE-2020-14567", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14567" }, { "name": "CVE-2020-14559", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14559" }, { "name": "CVE-2020-14576", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14576" }, { "name": "CVE-2020-14540", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14540" }, { "name": "CVE-2020-14547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14547" }, { "name": "CVE-2020-14553", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14553" }, { "name": "CVE-2020-14539", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14539" }, { "name": "CVE-2020-14845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14845" }, { "name": "CVE-2020-14799", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14799" }, { "name": "CVE-2020-14793", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14793" }, { "name": "CVE-2020-14888", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14888" }, { "name": "CVE-2020-14790", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14790" }, { "name": "CVE-2020-14789", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14789" }, { "name": "CVE-2020-14672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14672" }, { "name": "CVE-2020-14846", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14846" }, { "name": "CVE-2020-14771", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14771" }, { "name": "CVE-2020-14873", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14873" }, { "name": "CVE-2020-14791", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14791" }, { "name": "CVE-2020-14769", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14769" }, { "name": "CVE-2020-14844", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14844" }, { "name": "CVE-2020-14809", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14809" }, { "name": "CVE-2020-14860", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14860" }, { "name": "CVE-2020-14866", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14866" }, { "name": "CVE-2020-14861", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14861" }, { "name": "CVE-2020-14773", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14773" }, { "name": "CVE-2020-14776", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14776" }, { "name": "CVE-2020-14852", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14852" }, { "name": "CVE-2020-14760", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14760" }, { "name": "CVE-2020-14870", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14870" }, { "name": "CVE-2020-14837", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14837" }, { "name": "CVE-2020-14893", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14893" }, { "name": "CVE-2020-14836", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14836" }, { "name": "CVE-2020-14829", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14829" }, { "name": "CVE-2020-14868", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14868" }, { "name": "CVE-2020-14827", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14827" }, { "name": "CVE-2020-14839", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14839" }, { "name": "CVE-2020-14777", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14777" }, { "name": "CVE-2020-14812", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14812" }, { "name": "CVE-2020-14775", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14775" }, { "name": "CVE-2020-14838", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14838" }, { "name": "CVE-2020-14869", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14869" }, { "name": "CVE-2020-14765", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14765" }, { "name": "CVE-2020-14814", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14814" }, { "name": "CVE-2020-14821", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14821" }, { "name": "CVE-2020-14830", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14830" }, { "name": "CVE-2020-14828", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14828" }, { "name": "CVE-2020-14804", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14804" }, { "name": "CVE-2020-14800", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14800" }, { "name": "CVE-2020-14891", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14891" }, { "name": "CVE-2020-14848", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14848" }, { "name": "CVE-2020-14867", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14867" }, { "name": "CVE-2020-14785", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14785" }, { "name": "CVE-2020-14794", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14794" }, { "name": "CVE-2020-14786", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14786" }, { "name": "CVE-2020-15358", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358" }, { "name": "CVE-2020-1971", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971" }, { "name": "CVE-2021-2010", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2010" }, { "name": "CVE-2021-2001", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2001" }, { "name": "CVE-2021-2060", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2060" }, { "name": "CVE-2021-2014", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2014" }, { "name": "CVE-2021-2032", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2032" }, { "name": "CVE-2021-2036", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2036" }, { "name": "CVE-2021-2007", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2007" }, { "name": "CVE-2021-2011", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2011" }, { "name": "CVE-2021-2022", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2022" }, { "name": "CVE-2019-25013", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013" }, { "name": "CVE-2021-2308", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2308" }, { "name": "CVE-2021-2213", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2213" }, { "name": "CVE-2021-2172", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2172" }, { "name": "CVE-2021-2293", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2293" }, { "name": "CVE-2021-2208", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2208" }, { "name": "CVE-2021-2196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2196" }, { "name": "CVE-2021-2194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2194" }, { "name": "CVE-2021-2298", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2298" }, { "name": "CVE-2021-2162", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2162" }, { "name": "CVE-2021-2179", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2179" }, { "name": "CVE-2021-2307", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2307" }, { "name": "CVE-2021-2217", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2217" }, { "name": "CVE-2021-2180", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2180" }, { "name": "CVE-2021-2203", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2203" }, { "name": "CVE-2021-2144", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2144" }, { "name": "CVE-2021-2226", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2226" }, { "name": "CVE-2021-2232", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2232" }, { "name": "CVE-2021-2169", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2169" }, { "name": "CVE-2021-2301", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2301" }, { "name": "CVE-2021-2202", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2202" }, { "name": "CVE-2021-2166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2166" }, { "name": "CVE-2021-2174", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2174" }, { "name": "CVE-2021-2154", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2154" }, { "name": "CVE-2021-2193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2193" }, { "name": "CVE-2021-2300", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2300" }, { "name": "CVE-2021-2299", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2299" }, { "name": "CVE-2021-2212", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2212" }, { "name": "CVE-2021-2178", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2178" }, { "name": "CVE-2021-2146", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2146" }, { "name": "CVE-2021-2230", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2230" }, { "name": "CVE-2021-2278", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2278" }, { "name": "CVE-2021-2164", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2164" }, { "name": "CVE-2021-2201", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2201" }, { "name": "CVE-2021-2170", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2170" }, { "name": "CVE-2021-2304", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2304" }, { "name": "CVE-2021-2160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2160" }, { "name": "CVE-2021-2171", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2171" }, { "name": "CVE-2021-2305", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2305" }, { "name": "CVE-2021-2215", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2215" }, { "name": "CVE-2021-25214", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214" }, { "name": "CVE-2012-6153", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6153" }, { "name": "CVE-2020-10878", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878" }, { "name": "CVE-2021-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2370" }, { "name": "CVE-2021-2389", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389" }, { "name": "CVE-2021-2444", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2444" }, { "name": "CVE-2021-2429", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2429" }, { "name": "CVE-2021-2426", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2426" }, { "name": "CVE-2021-2427", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2427" }, { "name": "CVE-2021-2339", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2339" }, { "name": "CVE-2021-2425", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2425" }, { "name": "CVE-2021-2387", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2387" }, { "name": "CVE-2021-2383", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2383" }, { "name": "CVE-2021-2372", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372" }, { "name": "CVE-2021-2399", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2399" }, { "name": "CVE-2021-2384", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2384" }, { "name": "CVE-2021-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2412" }, { "name": "CVE-2021-2441", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2441" }, { "name": "CVE-2021-2410", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2410" }, { "name": "CVE-2021-2342", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342" }, { "name": "CVE-2021-2437", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2437" }, { "name": "CVE-2021-2417", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2417" }, { "name": "CVE-2021-2424", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2424" }, { "name": "CVE-2021-2385", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385" }, { "name": "CVE-2021-2357", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2357" }, { "name": "CVE-2021-2352", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2352" }, { "name": "CVE-2021-2402", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2402" }, { "name": "CVE-2021-2440", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2440" }, { "name": "CVE-2021-2340", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2340" }, { "name": "CVE-2021-2390", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390" }, { "name": "CVE-2021-2374", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2374" }, { "name": "CVE-2021-2356", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2356" }, { "name": "CVE-2021-2411", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2411" }, { "name": "CVE-2021-2418", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2418" }, { "name": "CVE-2021-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2367" }, { "name": "CVE-2021-2354", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2354" }, { "name": "CVE-2021-2422", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2422" }, { "name": "CVE-2020-10543", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543" }, { "name": "CVE-2020-12723", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12723" }, { "name": "CVE-2020-10029", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029" }, { "name": "CVE-2021-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337" }, { "name": "CVE-2020-28500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500" }, { "name": "CVE-2019-18276", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276" }, { "name": "CVE-2021-3421", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3421" }, { "name": "CVE-2021-3326", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326" }, { "name": "CVE-2019-2708", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2708" }, { "name": "CVE-2020-27618", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618" }, { "name": "CVE-2021-35640", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35640" }, { "name": "CVE-2021-35626", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35626" }, { "name": "CVE-2021-2478", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2478" }, { "name": "CVE-2021-35624", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35624" }, { "name": "CVE-2021-35583", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35583" }, { "name": "CVE-2021-35628", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35628" }, { "name": "CVE-2021-35630", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35630" }, { "name": "CVE-2021-35644", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35644" }, { "name": "CVE-2021-2479", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2479" }, { "name": "CVE-2021-35638", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35638" }, { "name": "CVE-2021-35646", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35646" }, { "name": "CVE-2021-35596", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35596" }, { "name": "CVE-2021-35643", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35643" }, { "name": "CVE-2021-35637", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35637" }, { "name": "CVE-2021-35623", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35623" }, { "name": "CVE-2021-35632", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35632" }, { "name": "CVE-2021-35641", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35641" }, { "name": "CVE-2021-35604", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35604" }, { "name": "CVE-2021-35636", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35636" }, { "name": "CVE-2021-35546", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35546" }, { "name": "CVE-2021-35627", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35627" }, { "name": "CVE-2021-35625", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35625" }, { "name": "CVE-2021-35608", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35608" }, { "name": "CVE-2021-35597", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35597" }, { "name": "CVE-2021-35537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35537" }, { "name": "CVE-2021-2481", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2481" }, { "name": "CVE-2021-35622", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35622" }, { "name": "CVE-2021-35610", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35610" }, { "name": "CVE-2021-35633", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35633" }, { "name": "CVE-2021-35634", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35634" }, { "name": "CVE-2021-35629", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35629" }, { "name": "CVE-2021-35631", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35631" }, { "name": "CVE-2021-35645", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35645" }, { "name": "CVE-2021-35647", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35647" }, { "name": "CVE-2021-35612", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35612" }, { "name": "CVE-2021-35639", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35639" }, { "name": "CVE-2021-35648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35648" }, { "name": "CVE-2021-35607", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35607" }, { "name": "CVE-2021-35602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35602" }, { "name": "CVE-2021-35577", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35577" }, { "name": "CVE-2021-35642", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35642" }, { "name": "CVE-2021-35575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35575" }, { "name": "CVE-2021-35635", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35635" }, { "name": "CVE-2021-35591", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35591" }, { "name": "CVE-2021-25219", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25219" }, { "name": "CVE-2021-3875", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3875" }, { "name": "CVE-2019-10744", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744" }, { "name": "CVE-2022-21352", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21352" }, { "name": "CVE-2022-21304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304" }, { "name": "CVE-2022-21254", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21254" }, { "name": "CVE-2022-21265", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21265" }, { "name": "CVE-2022-21348", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21348" }, { "name": "CVE-2022-21372", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21372" }, { "name": "CVE-2022-21245", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245" }, { "name": "CVE-2022-21368", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21368" }, { "name": "CVE-2022-21339", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21339" }, { "name": "CVE-2022-21264", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21264" }, { "name": "CVE-2022-21297", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21297" }, { "name": "CVE-2022-21379", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21379" }, { "name": "CVE-2022-21253", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21253" }, { "name": "CVE-2022-21301", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21301" }, { "name": "CVE-2022-21378", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21378" }, { "name": "CVE-2022-21370", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21370" }, { "name": "CVE-2022-21302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21302" }, { "name": "CVE-2022-21249", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21249" }, { "name": "CVE-2022-21344", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344" }, { "name": "CVE-2022-21270", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270" }, { "name": "CVE-2022-21367", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367" }, { "name": "CVE-2022-21342", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21342" }, { "name": "CVE-2022-21362", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21362" }, { "name": "CVE-2022-21303", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303" }, { "name": "CVE-2022-21256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21256" }, { "name": "CVE-2022-21358", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21358" }, { "name": "CVE-2022-21374", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21374" }, { "name": "CVE-2022-3602", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602" }, { "name": "CVE-2022-2309", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2309" }, { "name": "CVE-2022-29824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29824" }, { "name": "CVE-2022-35737", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737" }, { "name": "CVE-2022-40303", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303" }, { "name": "CVE-2022-40304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304" }, { "name": "CVE-2020-8203", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203" }, { "name": "CVE-2022-3786", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786" }, { "name": "CVE-2022-2795", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795" }, { "name": "CVE-2022-34903", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34903" }, { "name": "CVE-2022-3515", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515" }, { "name": "CVE-2022-3996", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996" }, { "name": "CVE-2022-22942", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942" }, { "name": "CVE-2021-4193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193" }, { "name": "CVE-2020-15366", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366" }, { "name": "CVE-2022-22965", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965" }, { "name": "CVE-2022-0213", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213" }, { "name": "CVE-2022-21418", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21418" }, { "name": "CVE-2022-21412", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21412" }, { "name": "CVE-2022-21437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21437" }, { "name": "CVE-2022-21478", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21478" }, { "name": "CVE-2022-21479", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21479" }, { "name": "CVE-2022-21438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21438" }, { "name": "CVE-2022-21440", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21440" }, { "name": "CVE-2022-21451", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21451" }, { "name": "CVE-2022-21427", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21427" }, { "name": "CVE-2022-21415", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21415" }, { "name": "CVE-2022-21459", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21459" }, { "name": "CVE-2022-21460", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21460" }, { "name": "CVE-2022-21414", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21414" }, { "name": "CVE-2022-21413", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21413" }, { "name": "CVE-2022-21436", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21436" }, { "name": "CVE-2022-21435", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21435" }, { "name": "CVE-2022-21462", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21462" }, { "name": "CVE-2022-21444", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21444" }, { "name": "CVE-2022-21417", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21417" }, { "name": "CVE-2022-21457", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21457" }, { "name": "CVE-2022-21425", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21425" }, { "name": "CVE-2022-21452", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21452" }, { "name": "CVE-2021-20266", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20266" }, { "name": "CVE-2022-1292", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292" }, { "name": "CVE-2022-1473", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473" }, { "name": "CVE-2021-3521", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3521" }, { "name": "CVE-2021-4122", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4122" }, { "name": "CVE-2022-2068", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068" }, { "name": "CVE-2017-7500", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500" }, { "name": "CVE-2021-33574", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574" }, { "name": "CVE-2017-11164", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11164" }, { "name": "CVE-2022-21525", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21525" }, { "name": "CVE-2022-21537", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21537" }, { "name": "CVE-2022-21455", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21455" }, { "name": "CVE-2022-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21534" }, { "name": "CVE-2022-21528", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21528" }, { "name": "CVE-2022-21529", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21529" }, { "name": "CVE-2022-21531", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21531" }, { "name": "CVE-2022-21515", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21515" }, { "name": "CVE-2022-21538", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21538" }, { "name": "CVE-2022-21527", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21527" }, { "name": "CVE-2022-21517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21517" }, { "name": "CVE-2022-21539", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21539" }, { "name": "CVE-2022-21556", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21556" }, { "name": "CVE-2022-21509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21509" }, { "name": "CVE-2022-21553", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21553" }, { "name": "CVE-2022-21530", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21530" }, { "name": "CVE-2022-21522", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21522" }, { "name": "CVE-2022-21547", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21547" }, { "name": "CVE-2022-21569", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21569" }, { "name": "CVE-2022-21526", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21526" }, { "name": "CVE-2021-3999", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3999" }, { "name": "CVE-2022-23218", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23218" }, { "name": "CVE-2022-23219", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219" }, { "name": "CVE-2022-27782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782" }, { "name": "CVE-2021-25220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220" }, { "name": "CVE-2022-0396", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0396" }, { "name": "CVE-2022-3358", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358" }, { "name": "CVE-2022-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271" }, { "name": "CVE-2012-5783", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5783" }, { "name": "CVE-2022-21592", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21592" }, { "name": "CVE-2022-21617", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21617" }, { "name": "CVE-2022-21595", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21595" }, { "name": "CVE-2022-21608", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21608" }, { "name": "CVE-2022-21589", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21589" }, { "name": "CVE-2023-21863", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863" }, { "name": "CVE-2023-21873", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873" }, { "name": "CVE-2023-21879", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879" }, { "name": "CVE-2023-21880", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880" }, { "name": "CVE-2023-21869", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869" }, { "name": "CVE-2023-21872", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872" }, { "name": "CVE-2023-21877", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877" }, { "name": "CVE-2023-21870", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870" }, { "name": "CVE-2023-21887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887" }, { "name": "CVE-2023-21836", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836" }, { "name": "CVE-2023-21881", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881" }, { "name": "CVE-2023-21876", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876" }, { "name": "CVE-2023-21840", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840" }, { "name": "CVE-2023-21878", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878" }, { "name": "CVE-2023-21866", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866" }, { "name": "CVE-2023-21875", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875" }, { "name": "CVE-2023-21865", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865" }, { "name": "CVE-2023-21883", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883" }, { "name": "CVE-2023-21867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867" }, { "name": "CVE-2023-21874", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874" }, { "name": "CVE-2023-21871", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2023-0401", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401" }, { "name": "CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "name": "CVE-2023-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217" }, { "name": "CVE-2023-0216", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216" }, { "name": "CVE-2022-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450" }, { "name": "CVE-2022-4415", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4415" }, { "name": "CVE-2023-24329", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329" }, { "name": "CVE-2023-0464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464" }, { "name": "CVE-2023-21963", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963" }, { "name": "CVE-2023-21977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977" }, { "name": "CVE-2023-21912", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912" }, { "name": "CVE-2023-29469", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469" }, { "name": "CVE-2023-28484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484" }, { "name": "CVE-2023-20873", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873" }, { "name": "CVE-2023-20883", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883" }, { "name": "CVE-2023-27535", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535" }, { "name": "CVE-2023-27538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538" }, { "name": "CVE-2023-27536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536" }, { "name": "CVE-2023-27537", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537" }, { "name": "CVE-2020-1752", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1752" }, { "name": "CVE-2021-35942", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35942" }, { "name": "CVE-2021-38604", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38604" }, { "name": "CVE-2020-29562", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29562" }, { "name": "CVE-2021-27645", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27645" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2022-46908", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46908" }, { "name": "CVE-2023-28320", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320" }, { "name": "CVE-2023-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321" }, { "name": "CVE-2023-22053", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22053" }, { "name": "CVE-2023-22007", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22007" }, { "name": "CVE-2022-4899", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2023-40403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403" }, { "name": "CVE-2023-4911", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2016-1000027", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027" }, { "name": "CVE-2023-35116", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116" }, { "name": "CVE-2023-22097", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22097" }, { "name": "CVE-2023-22084", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22084" }, { "name": "CVE-2023-22026", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22026" }, { "name": "CVE-2023-22028", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22028" }, { "name": "CVE-2023-22015", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22015" }, { "name": "CVE-2023-22103", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22103" }, { "name": "CVE-2023-22068", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22068" }, { "name": "CVE-2023-22078", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22078" }, { "name": "CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2023-22059", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22059" }, { "name": "CVE-2023-22066", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22066" }, { "name": "CVE-2023-22114", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22114" }, { "name": "CVE-2023-22070", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22070" }, { "name": "CVE-2023-22032", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22032" }, { "name": "CVE-2023-5363", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-45853", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853" }, { "name": "CVE-2023-5678", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678" }, { "name": "CVE-2023-40217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" }, { "name": "CVE-2021-22570", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22570" }, { "name": "CVE-2023-2603", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603" }, { "name": "CVE-2023-2602", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2602" }, { "name": "CVE-2023-4527", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4527" }, { "name": "CVE-2023-4813", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813" }, { "name": "CVE-2023-4806", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806" }, { "name": "CVE-2022-48303", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303" }, { "name": "CVE-2023-34055", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34055" }, { "name": "CVE-2023-4039", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4039" }, { "name": "CVE-2022-3715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715" }, { "name": "CVE-2023-0687", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0687" }, { "name": "CVE-2023-5156", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156" }, { "name": "CVE-2022-48522", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522" }, { "name": "CVE-2023-39615", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615" }, { "name": "CVE-2021-46848", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848" }, { "name": "CVE-2021-33294", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33294" }, { "name": "CVE-2021-43618", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618" }, { "name": "CVE-2023-45322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45322" }, { "name": "CVE-2022-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28321" }, { "name": "CVE-2023-4016", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4016" }, { "name": "CVE-2013-4235", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4235" }, { "name": "CVE-2023-34969", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969" }, { "name": "CVE-2021-20193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193" }, { "name": "CVE-2023-29383", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29383" }, { "name": "CVE-2023-5981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2023-6237", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237" }, { "name": "CVE-2023-31484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484" }, { "name": "CVE-2023-36054", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054" }, { "name": "CVE-2023-7104", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2023-46219", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219" }, { "name": "CVE-2024-0727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, { "name": "CVE-2023-47100", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47100" }, { "name": "CVE-2023-47038", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2022-27772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27772" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2023-6481", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481" }, { "name": "CVE-2023-36632", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632" }, { "name": "CVE-2024-28085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085" }, { "name": "CVE-2024-2511", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511" }, { "name": "CVE-2020-22916", "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916" }, { "name": "CVE-2016-2781", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781" }, { "name": "CVE-2023-3978", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978" }, { "name": "CVE-2017-7501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501" }, { "name": "CVE-2021-35939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939" }, { "name": "CVE-2024-0553", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553" }, { "name": "CVE-2021-35938", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938" }, { "name": "CVE-2021-35937", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2024-26686", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686" }, { "name": "CVE-2023-52572", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52572" }, { "name": "CVE-2007-4559", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559" }, { "name": "CVE-2023-3138", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3138" }, { "name": "CVE-2024-28182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182" }, { "name": "CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "name": "CVE-2024-4603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603" }, { "name": "CVE-2023-6378", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378" }, { "name": "CVE-2023-31486", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31486" }, { "name": "CVE-2024-26739", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26739" }, { "name": "CVE-2024-4741", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741" }, { "name": "CVE-2023-51074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074" }, { "name": "CVE-2023-52757", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757" }, { "name": "CVE-2024-35866", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35866" }, { "name": "CVE-2024-35867", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35867" }, { "name": "CVE-2024-35943", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35943" }, { "name": "CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-5535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535" }, { "name": "CVE-2024-35790", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35790" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2024-2004", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004" }, { "name": "CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "name": "CVE-2024-0397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397" }, { "name": "CVE-2024-4030", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030" }, { "name": "CVE-2024-4032", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032" }, { "name": "CVE-2024-3596", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596" }, { "name": "CVE-2024-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450" }, { "name": "CVE-2024-25062", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062" }, { "name": "CVE-2024-26458", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458" }, { "name": "CVE-2024-26461", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461" }, { "name": "CVE-2024-28834", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": "CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "name": "CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "name": "CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "name": "CVE-2024-35195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195" }, { "name": "CVE-2024-36945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945" }, { "name": "CVE-2024-38540", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540" }, { "name": "CVE-2024-38541", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541" }, { "name": "CVE-2023-4641", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4641" }, { "name": "CVE-2024-0567", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0567" }, { "name": "CVE-2024-22365", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365" }, { "name": "CVE-2024-21137", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21137" }, { "name": "CVE-2024-0760", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0760" }, { "name": "CVE-2024-1737", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737" }, { "name": "CVE-2024-1975", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975" }, { "name": "CVE-2024-28835", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28835" }, { "name": "CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "name": "CVE-2024-3219", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219" }, { "name": "CVE-2024-36908", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36908" }, { "name": "CVE-2024-27402", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27402" }, { "name": "CVE-2024-37891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "name": "CVE-2024-38808", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808" }, { "name": "CVE-2024-38809", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809" }, { "name": "CVE-2024-42230", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230" }, { "name": "CVE-2024-38807", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38807" }, { "name": "CVE-2024-6232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232" }, { "name": "CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "name": "CVE-2024-38816", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816" }, { "name": "CVE-2022-48893", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48893" }, { "name": "CVE-2024-42322", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322" }, { "name": "CVE-2024-7264", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264" }, { "name": "CVE-2023-5841", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5841" }, { "name": "CVE-2024-34459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34459" }, { "name": "CVE-2024-8096", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096" }, { "name": "CVE-2023-6246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6246" }, { "name": "CVE-2024-46812", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812" }, { "name": "CVE-2024-46821", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821" }, { "name": "CVE-2024-46751", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46751" }, { "name": "CVE-2024-46753", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753" }, { "name": "CVE-2024-46774", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46774" }, { "name": "CVE-2024-46787", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787" }, { "name": "CVE-2022-21454", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21454" }, { "name": "CVE-2024-21193", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21193" }, { "name": "CVE-2024-21194", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21194" }, { "name": "CVE-2024-21196", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21196" }, { "name": "CVE-2024-21197", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21197" }, { "name": "CVE-2024-21198", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21198" }, { "name": "CVE-2024-21199", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21199" }, { "name": "CVE-2024-21201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21201" }, { "name": "CVE-2024-21207", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21207" }, { "name": "CVE-2024-21209", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21209" }, { "name": "CVE-2024-21212", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21212" }, { "name": "CVE-2024-21213", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21213" }, { "name": "CVE-2024-21219", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21219" }, { "name": "CVE-2024-21236", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21236" }, { "name": "CVE-2024-21239", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21239" }, { "name": "CVE-2024-21241", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21241" }, { "name": "CVE-2024-7254", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254" }, { "name": "CVE-2024-9143", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143" }, { "name": "CVE-2024-38819", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819" }, { "name": "CVE-2024-38820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820" }, { "name": "CVE-2024-10487", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10487" }, { "name": "CVE-2024-10458", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10458" }, { "name": "CVE-2024-10459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10459" }, { "name": "CVE-2024-10460", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10460" }, { "name": "CVE-2024-10461", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10461" }, { "name": "CVE-2024-10462", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10462" }, { "name": "CVE-2024-10463", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10463" }, { "name": "CVE-2024-10464", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10464" }, { "name": "CVE-2024-10465", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10465" }, { "name": "CVE-2024-10466", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10466" }, { "name": "CVE-2024-10467", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10467" }, { "name": "CVE-2024-10468", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10468" }, { "name": "CVE-2024-34447", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447" }, { "name": "CVE-2024-38286", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286" }, { "name": "CVE-2024-7592", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592" }, { "name": "CVE-2024-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088" }, { "name": "CVE-2024-9681", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681" }, { "name": "CVE-2024-11168", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168" }, { "name": "CVE-2024-38828", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828" }, { "name": "CVE-2024-46816", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46816" }, { "name": "CVE-2024-11395", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11395" }, { "name": "CVE-2024-49960", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49960" }, { "name": "CVE-2024-50047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047" }, { "name": "CVE-2024-50073", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50073" }, { "name": "CVE-2024-11691", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11691" }, { "name": "CVE-2024-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692" }, { "name": "CVE-2024-11693", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11693" }, { "name": "CVE-2024-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694" }, { "name": "CVE-2024-11695", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695" }, { "name": "CVE-2024-11696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696" }, { "name": "CVE-2024-11697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697" }, { "name": "CVE-2024-11698", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11698" }, { "name": "CVE-2024-11699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699" }, { "name": "CVE-2024-11700", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11700" }, { "name": "CVE-2024-11701", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11701" }, { "name": "CVE-2024-11702", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11702" }, { "name": "CVE-2024-11703", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11703" }, { "name": "CVE-2024-11704", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11704" }, { "name": "CVE-2024-11705", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11705" }, { "name": "CVE-2024-11706", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11706" }, { "name": "CVE-2024-11708", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11708" }, { "name": "CVE-2024-50272", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50272" }, { "name": "CVE-2024-50280", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50280" }, { "name": "CVE-2024-11053", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053" }, { "name": "CVE-2024-10041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041" }, { "name": "CVE-2024-10963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963" }, { "name": "CVE-2024-47554", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554" }, { "name": "CVE-2024-49989", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49989" }, { "name": "CVE-2024-50125", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50125" }, { "name": "CVE-2024-53051", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051" }, { "name": "CVE-2024-53144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144" }, { "name": "CVE-2024-8805", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805" }, { "name": "CVE-2025-0237", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0237" }, { "name": "CVE-2025-0238", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0238" }, { "name": "CVE-2025-0239", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0239" }, { "name": "CVE-2025-0240", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0240" }, { "name": "CVE-2025-0241", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0241" }, { "name": "CVE-2025-0242", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0242" }, { "name": "CVE-2025-0243", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0243" }, { "name": "CVE-2025-0245", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0245" }, { "name": "CVE-2025-0247", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0247" }, { "name": "CVE-2025-0434", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0434" }, { "name": "CVE-2025-0435", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0435" }, { "name": "CVE-2025-0436", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0436" }, { "name": "CVE-2025-0437", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0437" }, { "name": "CVE-2025-0438", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0438" }, { "name": "CVE-2025-0439", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0439" }, { "name": "CVE-2025-0440", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0440" }, { "name": "CVE-2025-0441", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0441" }, { "name": "CVE-2025-0442", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0442" }, { "name": "CVE-2025-0443", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0443" }, { "name": "CVE-2025-0446", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0446" }, { "name": "CVE-2025-0447", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0447" }, { "name": "CVE-2025-0448", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0448" }, { "name": "CVE-2025-21523", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21523" }, { "name": "CVE-2025-0612", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0612" }, { "name": "CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { "name": "CVE-2025-23084", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084" }, { "name": "CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "name": "CVE-2025-0938", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938" }, { "name": "CVE-2025-0444", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0444" }, { "name": "CVE-2025-0445", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0445" }, { "name": "CVE-2025-0451", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0451" }, { "name": "CVE-2025-0762", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0762" }, { "name": "CVE-2025-1009", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1009" }, { "name": "CVE-2025-1010", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1010" }, { "name": "CVE-2025-1011", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1011" }, { "name": "CVE-2025-1012", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1012" }, { "name": "CVE-2025-1013", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1013" }, { "name": "CVE-2025-1014", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1014" }, { "name": "CVE-2024-56664", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664" }, { "name": "CVE-2025-1016", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1016" }, { "name": "CVE-2025-1017", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1017" }, { "name": "CVE-2025-1018", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1018" }, { "name": "CVE-2025-1019", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1019" }, { "name": "CVE-2025-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1020" }, { "name": "CVE-2025-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167" }, { "name": "CVE-2025-0725", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725" }, { "name": "CVE-2024-47535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535" }, { "name": "CVE-2024-50258", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50258" }, { "name": "CVE-2024-53203", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53203" }, { "name": "CVE-2024-53128", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53128" }, { "name": "CVE-2025-0995", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0995" }, { "name": "CVE-2025-0996", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0996" }, { "name": "CVE-2025-0997", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0997" }, { "name": "CVE-2025-0998", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0998" }, { "name": "CVE-2024-13176", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176" }, { "name": "CVE-2025-1414", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1414" }, { "name": "CVE-2025-0999", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0999" }, { "name": "CVE-2025-1006", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1006" }, { "name": "CVE-2025-1426", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1426" }, { "name": "CVE-2024-56751", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56751" }, { "name": "CVE-2023-39017", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39017" }, { "name": "CVE-2025-1795", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795" }, { "name": "CVE-2025-1914", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1914" }, { "name": "CVE-2025-1915", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1915" }, { "name": "CVE-2025-1916", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1916" }, { "name": "CVE-2025-1917", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1917" }, { "name": "CVE-2025-1918", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1918" }, { "name": "CVE-2025-1919", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1919" }, { "name": "CVE-2025-1921", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1921" }, { "name": "CVE-2025-1922", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1922" }, { "name": "CVE-2025-1923", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1923" }, { "name": "CVE-2025-1930", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1930" }, { "name": "CVE-2025-1931", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1931" }, { "name": "CVE-2025-1932", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1932" }, { "name": "CVE-2025-1933", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1933" }, { "name": "CVE-2025-1934", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1934" }, { "name": "CVE-2025-1935", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1935" }, { "name": "CVE-2025-1936", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1936" }, { "name": "CVE-2025-1937", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1937" }, { "name": "CVE-2025-1938", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1938" }, { "name": "CVE-2025-1939", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1939" }, { "name": "CVE-2025-1940", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1940" }, { "name": "CVE-2025-1941", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1941" }, { "name": "CVE-2025-1942", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1942" }, { "name": "CVE-2025-1943", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1943" }, { "name": "CVE-2025-1920", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920" }, { "name": "CVE-2025-2135", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135" }, { "name": "CVE-2025-2136", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136" }, { "name": "CVE-2025-2137", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137" }, { "name": "CVE-2025-24813", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813" }, { "name": "CVE-2024-6763", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763" }, { "name": "CVE-2022-49043", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043" }, { "name": "CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "name": "CVE-2024-51744", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744" }, { "name": "CVE-2025-24970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970" }, { "name": "CVE-2025-25193", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193" }, { "name": "CVE-2024-45772", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45772" }, { "name": "CVE-2025-2476", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476" }, { "name": "CVE-2025-2857", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2857" }, { "name": "CVE-2024-45337", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337" }, { "name": "CVE-2025-22870", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870" }, { "name": "CVE-2025-2783", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783" }, { "name": "CVE-2022-49063", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49063" }, { "name": "CVE-2022-49535", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49535" }, { "name": "CVE-2024-56171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171" }, { "name": "CVE-2025-27113", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113" }, { "name": "CVE-2025-3066", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3066" }, { "name": "CVE-2025-3067", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3067" }, { "name": "CVE-2025-3068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3068" }, { "name": "CVE-2025-3071", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3071" }, { "name": "CVE-2025-3072", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3072" }, { "name": "CVE-2025-3073", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3073" }, { "name": "CVE-2025-3074", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3074" }, { "name": "CVE-2025-3028", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3028" }, { "name": "CVE-2025-3029", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3029" }, { "name": "CVE-2025-3030", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3030" }, { "name": "CVE-2025-3031", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3031" }, { "name": "CVE-2025-3032", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3032" }, { "name": "CVE-2025-3033", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3033" }, { "name": "CVE-2025-3034", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3034" }, { "name": "CVE-2025-3035", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3035" }, { "name": "CVE-2024-54458", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54458" }, { "name": "CVE-2025-3608", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3608" }, { "name": "CVE-2025-21574", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574" }, { "name": "CVE-2025-21575", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575" }, { "name": "CVE-2025-21577", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577" }, { "name": "CVE-2025-21579", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579" }, { "name": "CVE-2025-21580", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580" }, { "name": "CVE-2025-21581", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581" }, { "name": "CVE-2025-21584", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584" }, { "name": "CVE-2025-21585", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585" }, { "name": "CVE-2025-21588", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21588" }, { "name": "CVE-2025-30681", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681" }, { "name": "CVE-2025-30682", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682" }, { "name": "CVE-2025-30683", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683" }, { "name": "CVE-2025-30684", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684" }, { "name": "CVE-2025-30685", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685" }, { "name": "CVE-2025-30687", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687" }, { "name": "CVE-2025-30688", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688" }, { "name": "CVE-2025-30689", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689" }, { "name": "CVE-2025-30693", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693" }, { "name": "CVE-2025-30695", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695" }, { "name": "CVE-2025-30696", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696" }, { "name": "CVE-2025-30699", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699" }, { "name": "CVE-2025-30703", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703" }, { "name": "CVE-2025-30704", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704" }, { "name": "CVE-2025-30705", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705" }, { "name": "CVE-2025-30715", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715" }, { "name": "CVE-2025-30721", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721" }, { "name": "CVE-2025-21839", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21839" }, { "name": "CVE-2025-3619", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3619" }, { "name": "CVE-2025-3620", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3620" }, { "name": "CVE-2025-24928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928" }, { "name": "CVE-2025-21941", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941" }, { "name": "CVE-2025-21956", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956" }, { "name": "CVE-2025-21957", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957" }, { "name": "CVE-2025-21959", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959" }, { "name": "CVE-2025-21962", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962" }, { "name": "CVE-2025-21963", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963" }, { "name": "CVE-2025-21964", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964" }, { "name": "CVE-2025-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968" }, { "name": "CVE-2025-21970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970" }, { "name": "CVE-2025-21975", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975" }, { "name": "CVE-2025-21981", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981" }, { "name": "CVE-2025-21991", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991" }, { "name": "CVE-2025-21992", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992" }, { "name": "CVE-2025-21994", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994" }, { "name": "CVE-2025-21996", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996" }, { "name": "CVE-2025-21999", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999" }, { "name": "CVE-2025-22004", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004" }, { "name": "CVE-2025-22005", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005" }, { "name": "CVE-2025-22007", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007" }, { "name": "CVE-2025-22008", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008" }, { "name": "CVE-2025-22010", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010" }, { "name": "CVE-2025-22014", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014" }, { "name": "CVE-2024-12798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798" }, { "name": "CVE-2024-12801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801" }, { "name": "CVE-2025-22868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868" }, { "name": "CVE-2025-22871", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871" }, { "name": "CVE-2025-22235", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235" }, { "name": "CVE-2025-2312", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312" }, { "name": "CVE-2025-30204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204" }, { "name": "CVE-2025-4050", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4050" }, { "name": "CVE-2025-4051", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4051" }, { "name": "CVE-2025-4052", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4052" }, { "name": "CVE-2025-4096", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4096" }, { "name": "CVE-2025-2817", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2817" }, { "name": "CVE-2025-4082", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4082" }, { "name": "CVE-2025-4083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4083" }, { "name": "CVE-2025-4085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4085" }, { "name": "CVE-2025-4087", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4087" }, { "name": "CVE-2025-4088", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4088" }, { "name": "CVE-2025-4089", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4089" }, { "name": "CVE-2025-4090", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4090" }, { "name": "CVE-2025-4091", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4091" }, { "name": "CVE-2025-4092", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4092" }, { "name": "CVE-2023-53034", "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034" }, { "name": "CVE-2024-46742", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46742" }, { "name": "CVE-2025-21853", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21853" }, { "name": "CVE-2025-22025", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025" }, { "name": "CVE-2025-22027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22027" }, { "name": "CVE-2025-22035", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035" }, { "name": "CVE-2025-22044", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044" }, { "name": "CVE-2025-22045", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045" }, { "name": "CVE-2025-22050", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050" }, { "name": "CVE-2025-22054", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054" }, { "name": "CVE-2025-22055", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055" }, { "name": "CVE-2025-22056", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056" }, { "name": "CVE-2025-22060", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060" }, { "name": "CVE-2025-22063", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063" }, { "name": "CVE-2025-22066", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066" }, { "name": "CVE-2025-22071", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071" }, { "name": "CVE-2025-22073", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073" }, { "name": "CVE-2025-22075", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075" }, { "name": "CVE-2025-22079", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079" }, { "name": "CVE-2025-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081" }, { "name": "CVE-2025-22086", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086" }, { "name": "CVE-2025-22089", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089" }, { "name": "CVE-2025-22097", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097" }, { "name": "CVE-2025-23136", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136" }, { "name": "CVE-2025-23138", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138" }, { "name": "CVE-2025-37785", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785" }, { "name": "CVE-2025-37838", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37838" }, { "name": "CVE-2025-38152", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152" }, { "name": "CVE-2025-38575", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575" }, { "name": "CVE-2025-38637", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637" }, { "name": "CVE-2025-39728", "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728" }, { "name": "CVE-2025-39735", "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735" }, { "name": "CVE-2025-27516", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516" }, { "name": "CVE-2025-29087", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29087" }, { "name": "CVE-2025-3277", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3277" }, { "name": "CVE-2025-4609", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4609" }, { "name": "CVE-2025-4664", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4664" }, { "name": "CVE-2025-4372", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4372" }, { "name": "CVE-2025-4516", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516" }, { "name": "CVE-2025-22233", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233" }, { "name": "CVE-2024-55549", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549" }, { "name": "CVE-2024-9287", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287" }, { "name": "CVE-2025-24855", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855" }, { "name": "CVE-2025-4918", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4918" }, { "name": "CVE-2025-4919", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4919" }, { "name": "CVE-2025-41232", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41232" }, { "name": "CVE-2025-23165", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165" }, { "name": "CVE-2025-23166", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166" }, { "name": "CVE-2025-5063", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5063" }, { "name": "CVE-2025-5064", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5064" }, { "name": "CVE-2025-5065", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5065" }, { "name": "CVE-2025-5066", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5066" }, { "name": "CVE-2025-5067", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5067" }, { "name": "CVE-2025-32414", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414" }, { "name": "CVE-2025-32415", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415" }, { "name": "CVE-2022-49728", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728" }, { "name": "CVE-2024-58093", "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093" }, { "name": "CVE-2025-22018", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018" }, { "name": "CVE-2025-22020", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020" }, { "name": "CVE-2025-22062", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22062" }, { "name": "CVE-2025-23145", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23145" }, { "name": "CVE-2025-37798", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798" }, { "name": "CVE-2025-37749", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749" }, { "name": "CVE-2025-22869", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869" }, { "name": "CVE-2025-5263", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5263" }, { "name": "CVE-2025-5264", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5264" }, { "name": "CVE-2025-5265", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5265" }, { "name": "CVE-2025-5266", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5266" }, { "name": "CVE-2025-5267", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5267" }, { "name": "CVE-2025-5268", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5268" }, { "name": "CVE-2025-5270", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5270" }, { "name": "CVE-2025-5271", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5271" }, { "name": "CVE-2025-5272", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5272" }, { "name": "CVE-2025-5281", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5281" }, { "name": "CVE-2025-5283", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283" }, { "name": "CVE-2025-46701", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701" }, { "name": "CVE-2025-22021", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021" }, { "name": "CVE-2025-23140", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23140" }, { "name": "CVE-2025-23142", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23142" }, { "name": "CVE-2025-23144", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23144" }, { "name": "CVE-2025-23146", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23146" }, { "name": "CVE-2025-23147", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23147" }, { "name": "CVE-2025-23148", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23148" }, { "name": "CVE-2025-23150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23150" }, { "name": "CVE-2025-23151", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23151" }, { "name": "CVE-2025-23156", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23156" }, { "name": "CVE-2025-23157", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23157" }, { "name": "CVE-2025-23158", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23158" }, { "name": "CVE-2025-23159", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23159" }, { "name": "CVE-2025-23161", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23161" }, { "name": "CVE-2025-23163", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23163" }, { "name": "CVE-2025-37738", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37738" }, { "name": "CVE-2025-37739", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37739" }, { "name": "CVE-2025-37740", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37740" }, { "name": "CVE-2025-37741", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37741" }, { "name": "CVE-2025-37742", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37742" }, { "name": "CVE-2025-37756", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37756" }, { "name": "CVE-2025-37757", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37757" }, { "name": "CVE-2025-37758", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37758" }, { "name": "CVE-2025-37765", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37765" }, { "name": "CVE-2025-37766", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37766" }, { "name": "CVE-2025-37767", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37767" }, { "name": "CVE-2025-37768", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37768" }, { "name": "CVE-2025-37770", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37770" }, { "name": "CVE-2025-37771", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37771" }, { "name": "CVE-2025-37773", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37773" }, { "name": "CVE-2025-37780", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37780" }, { "name": "CVE-2025-37781", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37781" }, { "name": "CVE-2025-37787", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37787" }, { "name": "CVE-2025-37788", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37788" }, { "name": "CVE-2025-37789", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37789" }, { "name": "CVE-2025-37790", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37790" }, { "name": "CVE-2025-37792", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37792" }, { "name": "CVE-2025-37794", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37794" }, { "name": "CVE-2025-37796", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37796" }, { "name": "CVE-2025-37797", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797" }, { "name": "CVE-2025-37803", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37803" }, { "name": "CVE-2025-37805", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37805" }, { "name": "CVE-2025-37808", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37808" }, { "name": "CVE-2025-37810", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37810" }, { "name": "CVE-2025-37811", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37811" }, { "name": "CVE-2025-37812", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37812" }, { "name": "CVE-2025-37817", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37817" }, { "name": "CVE-2025-37823", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37823" }, { "name": "CVE-2025-37824", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37824" }, { "name": "CVE-2025-37829", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37829" }, { "name": "CVE-2025-37830", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37830" }, { "name": "CVE-2025-37836", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37836" }, { "name": "CVE-2025-37839", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37839" }, { "name": "CVE-2025-37840", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37840" }, { "name": "CVE-2025-37841", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37841" }, { "name": "CVE-2025-37844", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37844" }, { "name": "CVE-2025-37850", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37850" }, { "name": "CVE-2025-37851", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37851" }, { "name": "CVE-2025-37857", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37857" }, { "name": "CVE-2025-37858", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37858" }, { "name": "CVE-2025-37859", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37859" }, { "name": "CVE-2025-37862", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37862" }, { "name": "CVE-2025-37867", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37867" }, { "name": "CVE-2025-37871", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37871" }, { "name": "CVE-2025-37875", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37875" }, { "name": "CVE-2025-37881", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37881" }, { "name": "CVE-2025-37883", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37883" }, { "name": "CVE-2025-37885", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37885" }, { "name": "CVE-2025-37889", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889" }, { "name": "CVE-2025-37892", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37892" }, { "name": "CVE-2025-37937", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937" }, { "name": "CVE-2025-37940", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37940" }, { "name": "CVE-2025-37982", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37982" }, { "name": "CVE-2025-37983", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37983" }, { "name": "CVE-2025-37985", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37985" }, { "name": "CVE-2025-37989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37989" }, { "name": "CVE-2025-37819", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37819" }, { "name": "CVE-2025-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890" }, { "name": "CVE-2025-37905", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37905" }, { "name": "CVE-2025-37909", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37909" }, { "name": "CVE-2025-37911", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37911" }, { "name": "CVE-2025-37912", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37912" }, { "name": "CVE-2025-37913", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37913" }, { "name": "CVE-2025-37914", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37914" }, { "name": "CVE-2025-37915", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37915" }, { "name": "CVE-2025-37923", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37923" }, { "name": "CVE-2025-37927", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37927" }, { "name": "CVE-2025-37930", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37930" }, { "name": "CVE-2025-37932", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932" }, { "name": "CVE-2025-37949", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37949" }, { "name": "CVE-2025-37964", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37964" }, { "name": "CVE-2025-37967", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37967" }, { "name": "CVE-2025-37969", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37969" }, { "name": "CVE-2025-37970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37970" }, { "name": "CVE-2025-37990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37990" }, { "name": "CVE-2025-37991", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37991" }, { "name": "CVE-2025-5068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5068" }, { "name": "CVE-2025-5419", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5419" }, { "name": "CVE-2025-27144", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144" }, { "name": "CVE-2025-49709", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49709" }, { "name": "CVE-2025-49710", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49710" }, { "name": "CVE-2023-6779", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6779" }, { "name": "CVE-2023-6780", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6780" }, { "name": "CVE-2024-12133", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133" }, { "name": "CVE-2024-12243", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243" }, { "name": "CVE-2024-2236", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236" }, { "name": "CVE-2024-56433", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433" }, { "name": "CVE-2025-0395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395" }, { "name": "CVE-2025-1390", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390" }, { "name": "CVE-2025-29088", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29088" }, { "name": "CVE-2025-31115", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115" }, { "name": "CVE-2025-4598", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598" }, { "name": "CVE-2025-5958", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5958" }, { "name": "CVE-2025-5959", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5959" }, { "name": "CVE-2025-41234", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234" }, { "name": "CVE-2025-49146", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146" }, { "name": "CVE-2025-48988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988" }, { "name": "CVE-2025-49124", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124" }, { "name": "CVE-2025-49125", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125" }, { "name": "CVE-2025-6191", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6191" }, { "name": "CVE-2025-6192", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6192" }, { "name": "CVE-2024-53427", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427" }, { "name": "CVE-2024-56406", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406" }, { "name": "CVE-2025-22872", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872" }, { "name": "CVE-2025-4802", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802" }, { "name": "CVE-2022-49168", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49168" }, { "name": "CVE-2025-37998", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37998" }, { "name": "CVE-2023-42366", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366" }, { "name": "CVE-2025-6424", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6424" }, { "name": "CVE-2025-6425", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6425" }, { "name": "CVE-2025-6426", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6426" }, { "name": "CVE-2025-6427", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6427" }, { "name": "CVE-2025-6429", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6429" }, { "name": "CVE-2025-6430", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6430" }, { "name": "CVE-2025-6432", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6432" }, { "name": "CVE-2025-6433", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6433" }, { "name": "CVE-2025-6434", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6434" }, { "name": "CVE-2025-6020", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020" }, { "name": "CVE-2025-6555", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6555" }, { "name": "CVE-2025-6556", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6556" }, { "name": "CVE-2025-6557", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6557" }, { "name": "CVE-2025-6435", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6435" }, { "name": "CVE-2025-6436", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6436" }, { "name": "CVE-2025-6554", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6554" }, { "name": "CVE-2025-6021", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021" }, { "name": "CVE-2022-49636", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636" }, { "name": "CVE-2025-37997", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997" }, { "name": "CVE-2025-38000", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000" }, { "name": "CVE-2025-38001", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001" }, { "name": "CVE-2025-32462", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462" }, { "name": "CVE-2025-52520", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520" }, { "name": "CVE-2025-53506", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506" }, { "name": "CVE-2024-47081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081" }, { "name": "CVE-2025-3576", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576" }, { "name": "CVE-2025-47268", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268" }, { "name": "CVE-2025-37992", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37992" }, { "name": "CVE-2025-37994", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37994" }, { "name": "CVE-2025-37995", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37995" }, { "name": "CVE-2025-38005", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38005" }, { "name": "CVE-2025-38009", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38009" }, { "name": "CVE-2025-38023", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38023" }, { "name": "CVE-2025-38024", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38024" }, { "name": "CVE-2025-38083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38083" }, { "name": "CVE-2025-22227", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227" }, { "name": "CVE-2025-6558", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558" }, { "name": "CVE-2025-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656" }, { "name": "CVE-2025-7657", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657" }, { "name": "CVE-2025-30749", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749" }, { "name": "CVE-2025-30754", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754" }, { "name": "CVE-2025-50059", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059" }, { "name": "CVE-2025-50106", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106" }, { "name": "CVE-2025-50088", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088" }, { "name": "CVE-2025-48734", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734" }, { "name": "CVE-2022-21546", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21546" }, { "name": "CVE-2020-16156", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156" }, { "name": "CVE-2025-8010", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010" }, { "name": "CVE-2025-8011", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011" }, { "name": "CVE-2025-8027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8027" }, { "name": "CVE-2025-8028", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8028" }, { "name": "CVE-2025-8029", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8029" }, { "name": "CVE-2025-8030", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8030" }, { "name": "CVE-2025-8031", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8031" }, { "name": "CVE-2025-8032", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8032" }, { "name": "CVE-2025-8033", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8033" }, { "name": "CVE-2025-8034", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8034" }, { "name": "CVE-2025-8035", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8035" }, { "name": "CVE-2025-8036", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8036" }, { "name": "CVE-2025-8037", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8037" }, { "name": "CVE-2025-8038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8038" }, { "name": "CVE-2025-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8039" }, { "name": "CVE-2025-8040", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8040" }, { "name": "CVE-2025-8041", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8041" }, { "name": "CVE-2025-8043", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8043" }, { "name": "CVE-2025-8044", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8044" }, { "name": "CVE-2024-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337" }, { "name": "CVE-2024-45339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339" }, { "name": "CVE-2024-47611", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611" }, { "name": "CVE-2025-0913", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913" }, { "name": "CVE-2025-22874", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874" }, { "name": "CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "name": "CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "name": "CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "name": "CVE-2025-38177", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177" }, { "name": "CVE-2025-4673", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673" }, { "name": "CVE-2025-48060", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060" }, { "name": "CVE-2025-4877", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877" }, { "name": "CVE-2025-4878", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878" }, { "name": "CVE-2025-48924", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924" }, { "name": "CVE-2025-50181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181" }, { "name": "CVE-2025-5318", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318" }, { "name": "CVE-2025-5372", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372" }, { "name": "CVE-2025-5914", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914" }, { "name": "CVE-2025-5915", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915" }, { "name": "CVE-2025-5916", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916" }, { "name": "CVE-2025-5917", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917" }, { "name": "CVE-2025-6069", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069" }, { "name": "CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "name": "CVE-2025-38094", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38094" }, { "name": "CVE-2025-8194", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194" }, { "name": "CVE-2025-8292", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292" }, { "name": "CVE-2025-7424", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7424" }, { "name": "CVE-2025-7425", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425" }, { "name": "CVE-2025-50182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182" }, { "name": "CVE-2025-5889", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889" }, { "name": "CVE-2025-8576", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8576" }, { "name": "CVE-2025-8577", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8577" }, { "name": "CVE-2025-8578", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8578" }, { "name": "CVE-2025-8579", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8579" }, { "name": "CVE-2025-8580", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8580" }, { "name": "CVE-2025-8581", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8581" }, { "name": "CVE-2025-8582", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8582" }, { "name": "CVE-2025-8583", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8583" }, { "name": "CVE-2025-27210", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210" }, { "name": "CVE-2025-27817", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27817" }, { "name": "CVE-2025-27818", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27818" }, { "name": "CVE-2025-8879", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8879" }, { "name": "CVE-2025-8880", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8880" }, { "name": "CVE-2025-8881", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8881" }, { "name": "CVE-2025-8882", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8882" }, { "name": "CVE-2025-8901", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8901" }, { "name": "CVE-2025-48989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989" }, { "name": "CVE-2025-7339", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339" }, { "name": "CVE-2025-7783", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783" }, { "name": "CVE-2021-32256", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256" }, { "name": "CVE-2024-25260", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260" }, { "name": "CVE-2025-1371", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371" }, { "name": "CVE-2025-1376", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376" }, { "name": "CVE-2025-1377", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377" }, { "name": "CVE-2025-47273", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273" }, { "name": "CVE-2025-48964", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964" }, { "name": "CVE-2025-49794", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794" }, { "name": "CVE-2025-49796", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796" }, { "name": "CVE-2025-41242", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242" }, { "name": "CVE-2025-9132", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9132" }, { "name": "CVE-2025-54988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988" }, { "name": "CVE-2025-6965", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965" }, { "name": "CVE-2024-13009", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009" }, { "name": "CVE-2025-55668", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668" }, { "name": "CVE-2025-4674", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674" }, { "name": "CVE-2025-47907", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907" }, { "name": "CVE-2025-52999", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999" }, { "name": "CVE-2025-55163", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163" }, { "name": "CVE-2025-8941", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941" }, { "name": "CVE-2025-9288", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9288" }, { "name": "CVE-2005-2541", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2541" }, { "name": "CVE-2008-5727", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5727" }, { "name": "CVE-2008-5728", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5728" }, { "name": "CVE-2008-5729", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5729" }, { "name": "CVE-2008-5730", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5730" }, { "name": "CVE-2008-5742", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5742" }, { "name": "CVE-2011-3374", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3374" }, { "name": "CVE-2014-4715", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4715" }, { "name": "CVE-2015-2214", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2214" }, { "name": "CVE-2016-0682", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0682" }, { "name": "CVE-2016-0689", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0689" }, { "name": "CVE-2016-0692", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0692" }, { "name": "CVE-2016-0694", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0694" }, { "name": "CVE-2016-2149", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2149" }, { "name": "CVE-2016-2160", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2160" }, { "name": "CVE-2016-3418", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3418" }, { "name": "CVE-2017-10140", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10140" }, { "name": "CVE-2017-12195", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12195" }, { "name": "CVE-2017-12629", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629" }, { "name": "CVE-2017-3604", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3604" }, { "name": "CVE-2017-3605", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3605" }, { "name": "CVE-2017-3606", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3606" }, { "name": "CVE-2017-3607", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3607" }, { "name": "CVE-2017-3608", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3608" }, { "name": "CVE-2017-3609", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3609" }, { "name": "CVE-2017-3610", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3610" }, { "name": "CVE-2017-3611", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3611" }, { "name": "CVE-2017-3612", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3612" }, { "name": "CVE-2017-3613", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3613" }, { "name": "CVE-2017-3614", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3614" }, { "name": "CVE-2017-3615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3615" }, { "name": "CVE-2017-3616", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3616" }, { "name": "CVE-2017-3617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3617" }, { "name": "CVE-2018-1000169", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169" }, { "name": "CVE-2018-1196", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1196" }, { "name": "CVE-2018-1273", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1273" }, { "name": "CVE-2019-10782", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10782" }, { "name": "CVE-2019-9658", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9658" }, { "name": "CVE-2020-2981", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2981" }, { "name": "CVE-2021-20298", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20298" }, { "name": "CVE-2021-20304", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20304" }, { "name": "CVE-2021-22055", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22055" }, { "name": "CVE-2021-23169", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23169" }, { "name": "CVE-2021-3236", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3236" }, { "name": "CVE-2022-0635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0635" }, { "name": "CVE-2022-0667", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0667" }, { "name": "CVE-2022-3219", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219" }, { "name": "CVE-2022-39046", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39046" }, { "name": "CVE-2022-42010", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42010" }, { "name": "CVE-2022-42011", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42011" }, { "name": "CVE-2022-42012", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42012" }, { "name": "CVE-2022-44638", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44638" }, { "name": "CVE-2023-31437", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31437" }, { "name": "CVE-2023-31438", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31438" }, { "name": "CVE-2023-31439", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31439" }, { "name": "CVE-2023-37769", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37769" }, { "name": "CVE-2023-39810", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39810" }, { "name": "CVE-2023-4156", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4156" }, { "name": "CVE-2023-4320", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4320" }, { "name": "CVE-2023-43785", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785" }, { "name": "CVE-2023-43786", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786" }, { "name": "CVE-2023-43787", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787" }, { "name": "CVE-2023-46129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129" }, { "name": "CVE-2023-47039", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47039" }, { "name": "CVE-2023-5189", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5189" }, { "name": "CVE-2024-11584", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11584" }, { "name": "CVE-2024-21742", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21742" }, { "name": "CVE-2024-22047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22047" }, { "name": "CVE-2024-2397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2397" }, { "name": "CVE-2024-26462", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26462" }, { "name": "CVE-2024-31047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31047" }, { "name": "CVE-2024-3220", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3220" }, { "name": "CVE-2024-58251", "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251" }, { "name": "CVE-2024-6174", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6174" }, { "name": "CVE-2024-7012", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7012" }, { "name": "CVE-2025-1352", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1352" }, { "name": "CVE-2025-1365", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1365" }, { "name": "CVE-2025-1372", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1372" }, { "name": "CVE-2025-24294", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24294" }, { "name": "CVE-2025-26519", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26519" }, { "name": "CVE-2025-27587", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27587" }, { "name": "CVE-2025-30258", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30258" }, { "name": "CVE-2025-31672", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31672" }, { "name": "CVE-2025-40909", "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909" }, { "name": "CVE-2025-43857", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43857" }, { "name": "CVE-2025-45582", "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582" }, { "name": "CVE-2025-45768", "url": "https://www.cve.org/CVERecord?id=CVE-2025-45768" }, { "name": "CVE-2025-46392", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392" }, { "name": "CVE-2025-46394", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394" }, { "name": "CVE-2025-49795", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49795" }, { "name": "CVE-2025-5115", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5115" }, { "name": "CVE-2025-5222", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5222" }, { "name": "CVE-2025-5278", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5278" }, { "name": "CVE-2025-53864", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864" }, { "name": "CVE-2025-6170", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170" }, { "name": "CVE-2025-6297", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6297" }, { "name": "CVE-2025-7962", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962" }, { "name": "CVE-2025-8058", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058" }, { "name": "CVE-2025-8262", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8262" }, { "name": "CVE-2025-8732", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8732" }, { "name": "CVE-2025-8885", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885" }, { "name": "CVE-2025-8916", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916" }, { "name": "CVE-2025-9179", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9179" }, { "name": "CVE-2025-9180", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9180" }, { "name": "CVE-2025-9181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9181" }, { "name": "CVE-2025-9182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9182" }, { "name": "CVE-2025-9183", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9183" }, { "name": "CVE-2025-9184", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9184" }, { "name": "CVE-2025-9185", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9185" }, { "name": "CVE-2025-9187", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9187" }, { "name": "CVE-2025-9308", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9308" } ], "initial_release_date": "2025-09-05T00:00:00", "last_revision_date": "2025-09-05T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0756", "revisions": [ { "description": "Version initiale", "revision_date": "2025-09-05T00:00:00.000000" } ], "risks": [ { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware", "vendor_advisories": [ { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36093", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36102", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36101", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36100", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36105", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36091", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36078", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36107", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36094", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36097", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36108", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36095", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36096", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36106", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36109", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36098", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36103", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36099", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36092", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092" }, { "published_at": "2025-09-04", "title": "Bulletin de s\u00e9curit\u00e9 VMware 36110", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110" } ] }
ncsc-2025-0246
Vulnerability from csaf_ncscnl
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als SIMATIC, SINEC, SIMAC, RUGGEDCOM, SIMOTION, SINAMICS, SIPROTEC en SINUMERIK.", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Cross-Site Scripting\n* Manipulatie van gegevens\n* Omzeilen van een beveiligingsmaatregel \n* (Remote) code execution (SYSTEM rechten) \n* (Remote) code execution (Gebruikersrechten)\n* Toegang tot gevoelige gegevens\n* Verhogen van rechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", "title": "Interpretaties" }, { "category": "description", "text": "Siemens heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Certificate Validation", "title": "CWE-295" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "Improper Restriction of XML External Entity Reference", "title": "CWE-611" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "title": "CWE-120" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Multiple Releases of Same Resource or Handle", "title": "CWE-1341" }, { "category": "general", "text": "Irrelevant Code", "title": "CWE-1164" }, { "category": "general", "text": "Least Privilege Violation", "title": "CWE-272" }, { "category": "general", "text": "Incorrect Calculation of Buffer Size", "title": "CWE-131" }, { "category": "general", "text": "Insufficiently Protected Credentials", "title": "CWE-522" }, { "category": "general", "text": "Improper Locking", "title": "CWE-667" }, { "category": "general", "text": "Expected Behavior Violation", "title": "CWE-440" }, { "category": "general", "text": "Double Free", "title": "CWE-415" }, { "category": "general", "text": "Reachable Assertion", "title": "CWE-617" }, { "category": "general", "text": "Uncontrolled Search Path Element", "title": "CWE-427" }, { "category": "general", "text": "Integer Overflow to Buffer Overflow", "title": "CWE-680" }, { "category": "general", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "general", "text": "Channel Accessible by Non-Endpoint", "title": "CWE-300" }, { "category": "general", "text": "Cleartext Storage of Sensitive Information", "title": "CWE-312" }, { "category": "general", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "Execution with Unnecessary Privileges", "title": "CWE-250" }, { "category": "general", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-094954.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-177847.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-186293.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-282044.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-493396.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-493787.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-517338.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-665108.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-674084.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-707630.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-894058.html" } ], "title": "Kwetsbaarheden verholpen in Siemens producten", "tracking": { "current_release_date": "2025-08-12T13:03:08.211775Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.2" } }, "id": "NCSC-2025-0246", "initial_release_date": "2025-08-12T13:03:08.211775Z", "revision_history": [ { "date": "2025-08-12T13:03:08.211775Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046293" } } ], "category": "product_name", "name": "RUGGEDCOM ROX MX5000" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046294" } } ], "category": "product_name", "name": "RUGGEDCOM ROX MX5000RE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046295" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1400" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046296" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1500" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046297" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1501" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046298" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1510" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046299" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1511" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046300" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1512" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046301" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1524" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046302" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1536" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046303" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX5000" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046192" } } ], "category": "product_name", "name": "SIMATIC Automation Tool" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046193" } } ], "category": "product_name", "name": "SIMATIC Automation Tool SDK Windows" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046194" } } ], "category": "product_name", "name": "SIMATIC BATCH V10.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-1296857" } } ], "category": "product_name", "name": "SIMATIC BATCH V9.1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046195" } } ], "category": "product_name", "name": "SIMATIC Control Function Library (CFL) V1.0.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046196" } } ], "category": "product_name", "name": "SIMATIC Control Function Library (CFL) V2.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046197" } } ], "category": "product_name", "name": "SIMATIC Control Function Library (CFL) V3.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046198" } } ], "category": "product_name", "name": "SIMATIC Control Function Library (CFL) V4.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046204" } } ], "category": "product_name", "name": "SIMATIC Energy Suite V17" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046205" } } ], "category": "product_name", "name": "SIMATIC Energy Suite V18" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046206" } } ], "category": "product_name", "name": "SIMATIC Energy Suite V19" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046207" } } ], "category": "product_name", "name": "SIMATIC Logon V1.6" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046208" } } ], "category": "product_name", "name": "SIMATIC Logon V2.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046212" } } ], "category": "product_name", "name": "SIMATIC MTP CREATOR V3.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046213" } } ], "category": "product_name", "name": "SIMATIC MTP CREATOR V4.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046211" } } ], "category": "product_name", "name": "SIMATIC MTP CREATOR\u00a0V2.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046214" } } ], "category": "product_name", "name": "SIMATIC MTP CREATOR\u00a0V5.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046215" } } ], "category": "product_name", "name": "SIMATIC MTP Integrator V1.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046216" } } ], "category": "product_name", "name": "SIMATIC MTP Integrator V2.x" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046209" } } ], "category": "product_name", "name": "SIMATIC Management Agent" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046210" } } ], "category": "product_name", "name": "SIMATIC Management Console" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-1426215" } } ], "category": "product_name", "name": "SIMATIC NET PC Software V16" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-1296547" } } ], "category": "product_name", "name": "SIMATIC NET PC Software V17" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046217" } } ], "category": "product_name", "name": "SIMATIC NET PC Software V18" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046218" } } ], "category": "product_name", "name": "SIMATIC NET PC Software V19" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv4.0", "product": { "name": "vers:unknown/\u003cv4.0", "product_id": "CSAFPID-2963002" } } ], "category": "product_name", "name": "SINEC NMS" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046325" } }, { "category": "product_version_range", "name": "vers:unknown/\u003cv3.0", "product": { "name": "vers:unknown/\u003cv3.0", "product_id": "CSAFPID-3046324" } } ], "category": "product_name", "name": "SINEC Traffic Analyzer" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3045960" } } ], "category": "product_name", "name": "SIMOTION SCOUT TIA V5.4" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3045961" } } ], "category": "product_name", "name": "SIMOTION SCOUT TIA V5.5" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv5.6sp1hf7", "product": { "name": "vers:unknown/\u003cv5.6sp1hf7", "product_id": "CSAFPID-3045962" } } ], "category": "product_name", "name": "SIMOTION SCOUT TIA V5.6" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046175" } }, { "category": "product_version_range", "name": "vers:unknown/\u003cv5.7sp1hf1", "product": { "name": "vers:unknown/\u003cv5.7sp1hf1", "product_id": "CSAFPID-3046304" } } ], "category": "product_name", "name": "SIMOTION SCOUT TIA V5.7" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046305" } } ], "category": "product_name", "name": "SIMOTION SCOUT V5.4" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c*", "product": { "name": "vers:unknown/\u003c*", "product_id": "CSAFPID-3046306" } } ], "category": "product_name", "name": "SIMOTION SCOUT V5.5" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv5.6sp1hf7", "product": { "name": "vers:unknown/\u003cv5.6sp1hf7", "product_id": "CSAFPID-3046307" } } ], "category": "product_name", "name": "SIMOTION SCOUT V5.6" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv5.7sp1hf1", "product": { "name": "vers:unknown/\u003cv5.7sp1hf1", "product_id": "CSAFPID-3046308" } } ], "category": "product_name", "name": "SIMOTION SCOUT V5.7" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045854" } } ], "category": "product_name", "name": "SIPROTEC 5 6MD84 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045855" } } ], "category": "product_name", "name": "SIPROTEC 5 6MD85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045856" } } ], "category": "product_name", "name": "SIPROTEC 5 6MD86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045857" } } ], "category": "product_name", "name": "SIPROTEC 5 6MD89 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045858" } } ], "category": "product_name", "name": "SIPROTEC 5 6MU85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045859" } } ], "category": "product_name", "name": "SIPROTEC 5 7KE85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045860" } } ], "category": "product_name", "name": "SIPROTEC 5 7SA82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045861" } } ], "category": "product_name", "name": "SIPROTEC 5 7SA86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045862" } } ], "category": "product_name", "name": "SIPROTEC 5 7SA87 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045863" } } ], "category": "product_name", "name": "SIPROTEC 5 7SD82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045864" } } ], "category": "product_name", "name": "SIPROTEC 5 7SD86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045865" } } ], "category": "product_name", "name": "SIPROTEC 5 7SD87 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045866" } } ], "category": "product_name", "name": "SIPROTEC 5 7SJ81 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045867" } } ], "category": "product_name", "name": "SIPROTEC 5 7SJ82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045868" } } ], "category": "product_name", "name": "SIPROTEC 5 7SJ85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045869" } } ], "category": "product_name", "name": "SIPROTEC 5 7SJ86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045870" } } ], "category": "product_name", "name": "SIPROTEC 5 7SK82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045871" } } ], "category": "product_name", "name": "SIPROTEC 5 7SK85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045872" } } ], "category": "product_name", "name": "SIPROTEC 5 7SL82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045873" } } ], "category": "product_name", "name": "SIPROTEC 5 7SL86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045874" } } ], "category": "product_name", "name": "SIPROTEC 5 7SL87 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045875" } } ], "category": "product_name", "name": "SIPROTEC 5 7SS85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045876" } } ], "category": "product_name", "name": "SIPROTEC 5 7ST85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045877" } } ], "category": "product_name", "name": "SIPROTEC 5 7ST86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045878" } } ], "category": "product_name", "name": "SIPROTEC 5 7SX82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045879" } } ], "category": "product_name", "name": "SIPROTEC 5 7SX85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045880" } } ], "category": "product_name", "name": "SIPROTEC 5 7SY82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045881" } } ], "category": "product_name", "name": "SIPROTEC 5 7UM85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045882" } } ], "category": "product_name", "name": "SIPROTEC 5 7UT82 (CP150)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045883" } } ], "category": "product_name", "name": "SIPROTEC 5 7UT85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045884" } } ], "category": "product_name", "name": "SIPROTEC 5 7UT86 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045885" } } ], "category": "product_name", "name": "SIPROTEC 5 7UT87 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045886" } } ], "category": "product_name", "name": "SIPROTEC 5 7VE85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/v7.80|\u003cv10.0", "product": { "name": "vers:unknown/v7.80|\u003cv10.0", "product_id": "CSAFPID-3045887" } } ], "category": "product_name", "name": "SIPROTEC 5 7VK87 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045888" } } ], "category": "product_name", "name": "SIPROTEC 5 7VU85 (CP300)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv10.0", "product": { "name": "vers:unknown/\u003cv10.0", "product_id": "CSAFPID-3045889" } } ], "category": "product_name", "name": "SIPROTEC 5 Compact 7SX800 (CP050)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv4.95sp5", "product": { "name": "vers:unknown/\u003cv4.95sp5", "product_id": "CSAFPID-3046312" } } ], "category": "product_name", "name": "SINUMERIK 828D PPU.4" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv5.25sp1", "product": { "name": "vers:unknown/\u003cv5.25sp1", "product_id": "CSAFPID-3046313" } } ], "category": "product_name", "name": "SINUMERIK 828D PPU.5" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv4.95sp5", "product": { "name": "vers:unknown/\u003cv4.95sp5", "product_id": "CSAFPID-3046314" } } ], "category": "product_name", "name": "SINUMERIK 840D sl" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv1.25sp1", "product": { "name": "vers:unknown/\u003cv1.25sp1", "product_id": "CSAFPID-3046315" } } ], "category": "product_name", "name": "SINUMERIK MC" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv1.15sp5", "product": { "name": "vers:unknown/\u003cv1.15sp5", "product_id": "CSAFPID-3046316" } } ], "category": "product_name", "name": "SINUMERIK MC V1.15" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv6.25sp1", "product": { "name": "vers:unknown/\u003cv6.25sp1", "product_id": "CSAFPID-3046317" } } ], "category": "product_name", "name": "SINUMERIK ONE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003cv6.15sp5", "product": { "name": "vers:unknown/\u003cv6.15sp5", "product_id": "CSAFPID-3046318" } } ], "category": "product_name", "name": "SINUMERIK ONE V6.15" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-0395", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "other", "text": "Incorrect Calculation of Buffer Size", "title": "CWE-131" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-0395 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0395.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-0395" }, { "cve": "CVE-2025-0665", "cwe": { "id": "CWE-1341", "name": "Multiple Releases of Same Resource or Handle" }, "notes": [ { "category": "other", "text": "Multiple Releases of Same Resource or Handle", "title": "CWE-1341" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-0665 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0665.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-0665" }, { "cve": "CVE-2025-0725", "cwe": { "id": "CWE-680", "name": "Integer Overflow to Buffer Overflow" }, "notes": [ { "category": "other", "text": "Integer Overflow to Buffer Overflow", "title": "CWE-680" }, { "category": "other", "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "title": "CWE-120" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-0725 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0725.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-0725" }, { "cve": "CVE-2025-1390", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-1390 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1390.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-1390" }, { "cve": "CVE-2025-3277", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-3277 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3277.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-3277" }, { "cve": "CVE-2025-3360", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-3360 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3360.json" } ], "title": "CVE-2025-3360" }, { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-6395 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6395.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-6395" }, { "cve": "CVE-2025-21694", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "other", "text": "Improper Locking", "title": "CWE-667" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-21694 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21694.json" } ], "title": "CVE-2025-21694" }, { "cve": "CVE-2025-29087", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-29087 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-29087.json" } ], "title": "CVE-2025-29087" }, { "cve": "CVE-2025-29088", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-29088 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-29088.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-29088" }, { "cve": "CVE-2025-30033", "cwe": { "id": "CWE-427", "name": "Uncontrolled Search Path Element" }, "notes": [ { "category": "other", "text": "Uncontrolled Search Path Element", "title": "CWE-427" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30033 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30033.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-30033" }, { "cve": "CVE-2025-30034", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "other", "text": "Reachable Assertion", "title": "CWE-617" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30034 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30034.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-30034" }, { "cve": "CVE-2025-32728", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "notes": [ { "category": "other", "text": "Expected Behavior Violation", "title": "CWE-440" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-32728 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-32728" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-32988 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "other", "text": "Improper Certificate Validation", "title": "CWE-295" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-32989 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32989.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-32989" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-32990 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json" } ], "title": "CVE-2025-32990" }, { "cve": "CVE-2025-33023", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-33023 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-33023.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-33023" }, { "cve": "CVE-2025-40570", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40570 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40570.json" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40570" }, { "cve": "CVE-2025-40584", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "notes": [ { "category": "other", "text": "Improper Restriction of XML External Entity Reference", "title": "CWE-611" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40584 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40584.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40584" }, { "cve": "CVE-2025-40743", "cwe": { "id": "CWE-288", "name": "Authentication Bypass Using an Alternate Path or Channel" }, "notes": [ { "category": "other", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40743 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40743.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40743" }, { "cve": "CVE-2025-40746", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40746 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40746.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40746" }, { "cve": "CVE-2025-40751", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "other", "text": "Insufficiently Protected Credentials", "title": "CWE-522" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40751 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40751.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40751" }, { "cve": "CVE-2025-40752", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "notes": [ { "category": "other", "text": "Cleartext Storage of Sensitive Information", "title": "CWE-312" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40752 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40752.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40752" }, { "cve": "CVE-2025-40753", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "notes": [ { "category": "other", "text": "Cleartext Storage of Sensitive Information", "title": "CWE-312" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40753 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40753.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40753" }, { "cve": "CVE-2025-40759", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40759 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40759.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40759" }, { "cve": "CVE-2025-40761", "cwe": { "id": "CWE-288", "name": "Authentication Bypass Using an Alternate Path or Channel" }, "notes": [ { "category": "other", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "general", "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40761 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40761.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40761" }, { "cve": "CVE-2025-40762", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40762 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40762.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40762" }, { "cve": "CVE-2025-40764", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40764 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40764.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40764" }, { "cve": "CVE-2025-40766", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40766 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40766.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40766" }, { "cve": "CVE-2025-40767", "cwe": { "id": "CWE-250", "name": "Execution with Unnecessary Privileges" }, "notes": [ { "category": "other", "text": "Execution with Unnecessary Privileges", "title": "CWE-250" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40767 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40767.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40767" }, { "cve": "CVE-2025-40768", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40768 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40768.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40768" }, { "cve": "CVE-2025-40769", "cwe": { "id": "CWE-1164", "name": "Irrelevant Code" }, "notes": [ { "category": "other", "text": "Irrelevant Code", "title": "CWE-1164" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40769 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40769.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40769" }, { "cve": "CVE-2025-40770", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "notes": [ { "category": "other", "text": "Channel Accessible by Non-Endpoint", "title": "CWE-300" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40770 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40770.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-40770" }, { "cve": "CVE-2025-47809", "cwe": { "id": "CWE-272", "name": "Least Privilege Violation" }, "notes": [ { "category": "other", "text": "Least Privilege Violation", "title": "CWE-272" } ], "product_status": { "known_affected": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] }, "references": [ { "category": "self", "summary": "CVE-2025-47809 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-47809.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-3046293", "CSAFPID-3046294", "CSAFPID-3046295", "CSAFPID-3046296", "CSAFPID-3046297", "CSAFPID-3046298", "CSAFPID-3046299", "CSAFPID-3046300", "CSAFPID-3046301", "CSAFPID-3046302", "CSAFPID-3046303", "CSAFPID-3046192", "CSAFPID-3046193", "CSAFPID-3046194", "CSAFPID-1296857", "CSAFPID-3046195", "CSAFPID-3046196", "CSAFPID-3046197", "CSAFPID-3046198", "CSAFPID-3046204", "CSAFPID-3046205", "CSAFPID-3046206", "CSAFPID-3046207", "CSAFPID-3046208", "CSAFPID-3046212", "CSAFPID-3046213", "CSAFPID-3046211", "CSAFPID-3046214", "CSAFPID-3046215", "CSAFPID-3046216", "CSAFPID-3046209", "CSAFPID-3046210", "CSAFPID-1426215", "CSAFPID-1296547", "CSAFPID-3046217", "CSAFPID-3046218", "CSAFPID-2963002", "CSAFPID-3046325", "CSAFPID-3046324", "CSAFPID-3045960", "CSAFPID-3045961", "CSAFPID-3045962", "CSAFPID-3046175", "CSAFPID-3046304", "CSAFPID-3046305", "CSAFPID-3046306", "CSAFPID-3046307", "CSAFPID-3046308", "CSAFPID-3045854", "CSAFPID-3045855", "CSAFPID-3045856", "CSAFPID-3045857", "CSAFPID-3045858", "CSAFPID-3045859", "CSAFPID-3045860", "CSAFPID-3045861", "CSAFPID-3045862", "CSAFPID-3045863", "CSAFPID-3045864", "CSAFPID-3045865", "CSAFPID-3045866", "CSAFPID-3045867", "CSAFPID-3045868", "CSAFPID-3045869", "CSAFPID-3045870", "CSAFPID-3045871", "CSAFPID-3045872", "CSAFPID-3045873", "CSAFPID-3045874", "CSAFPID-3045875", "CSAFPID-3045876", "CSAFPID-3045877", "CSAFPID-3045878", "CSAFPID-3045879", "CSAFPID-3045880", "CSAFPID-3045881", "CSAFPID-3045882", "CSAFPID-3045883", "CSAFPID-3045884", "CSAFPID-3045885", "CSAFPID-3045886", "CSAFPID-3045887", "CSAFPID-3045888", "CSAFPID-3045889", "CSAFPID-3046312", "CSAFPID-3046313", "CSAFPID-3046314", "CSAFPID-3046315", "CSAFPID-3046316", "CSAFPID-3046317", "CSAFPID-3046318" ] } ], "title": "CVE-2025-47809" } ] }
rhsa-2025:16116
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for gnutls is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)\n\nBug Fix(es) and Enhancement(s):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:16116", "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16116.json" } ], "title": "Red Hat Security Advisory: gnutls security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-10-23T23:59:23+00:00", "generator": { "date": "2025-10-23T23:59:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:16116", "initial_release_date": "2025-09-17T18:17:11+00:00", "revision_history": [ { "date": "2025-09-17T18:17:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-09-17T18:17:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-23T23:59:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 9)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-6.el9_6.2?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.aarch64", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.aarch64", "product_id": "gnutls-0:3.8.3-6.el9_6.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-6.el9_6.2?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.ppc64le", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.ppc64le", "product_id": "gnutls-0:3.8.3-6.el9_6.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-c++-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-dane-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-devel-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-6.el9_6.2?arch=i686" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.i686", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.i686", "product_id": "gnutls-0:3.8.3-6.el9_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-6.el9_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.x86_64", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.x86_64", "product_id": "gnutls-0:3.8.3-6.el9_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-6.el9_6.2?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.s390x", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.s390x", "product_id": "gnutls-0:3.8.3-6.el9_6.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.3-6.el9_6.2.src", "product": { "name": "gnutls-0:3.8.3-6.el9_6.2.src", "product_id": "gnutls-0:3.8.3-6.el9_6.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.src", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.src", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", "product_id": "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2025-07-07T09:30:13.037000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2376755" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "RHBZ#2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395" } ], "release_date": "2025-07-10T07:56:53.029000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T18:17:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2025-04-15T01:21:36.833000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359622" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS otherName SAN export", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "RHBZ#2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988" } ], "release_date": "2025-07-10T07:55:14.310000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T18:17:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS otherName SAN export" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2025-04-15T01:21:36.512000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359621" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "RHBZ#2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" } ], "release_date": "2025-07-10T07:54:13.541000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T18:17:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2025-04-15T01:21:36.656000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359620" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS certtool template parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "RHBZ#2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990" } ], "release_date": "2025-07-09T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T18:17:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "AppStream-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.src", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-c++-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-dane-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debuginfo-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-debugsource-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-devel-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-0:3.8.3-6.el9_6.2.x86_64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.aarch64", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.i686", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.ppc64le", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.s390x", "BaseOS-9.6.0.Z.MAIN.EUS:gnutls-utils-debuginfo-0:3.8.3-6.el9_6.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS certtool template parsing" } ] }
rhsa-2025:17348
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for gnutls is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)\n\nBug Fix(es) and Enhancement(s):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:17348", "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17348.json" } ], "title": "Red Hat Security Advisory: gnutls security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-10-23T23:59:25+00:00", "generator": { "date": "2025-10-23T23:59:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:17348", "initial_release_date": "2025-10-06T02:41:41+00:00", "revision_history": [ { "date": "2025-10-06T02:41:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-10-06T02:41:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-23T23:59:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product": { "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-4.el9_4.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.aarch64", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.aarch64", "product_id": "gnutls-0:3.8.3-4.el9_4.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-4.el9_4.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.ppc64le", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.ppc64le", "product_id": "gnutls-0:3.8.3-4.el9_4.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-c++-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-dane-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-devel-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-4.el9_4.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.i686", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.i686", "product_id": "gnutls-0:3.8.3-4.el9_4.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-4.el9_4.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.x86_64", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.x86_64", "product_id": "gnutls-0:3.8.3-4.el9_4.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.3-4.el9_4.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.s390x", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.s390x", "product_id": "gnutls-0:3.8.3-4.el9_4.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.3-4.el9_4.4.src", "product": { "name": "gnutls-0:3.8.3-4.el9_4.4.src", "product_id": "gnutls-0:3.8.3-4.el9_4.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.3-4.el9_4.4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.src", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.src", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)", "product_id": "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2025-07-07T09:30:13.037000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2376755" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "known_not_affected": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "RHBZ#2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395" } ], "release_date": "2025-07-10T07:56:53.029000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T02:41:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2025-04-15T01:21:36.833000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359622" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS otherName SAN export", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "known_not_affected": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "RHBZ#2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988" } ], "release_date": "2025-07-10T07:55:14.310000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T02:41:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS otherName SAN export" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2025-04-15T01:21:36.512000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359621" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "known_not_affected": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "RHBZ#2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" } ], "release_date": "2025-07-10T07:54:13.541000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T02:41:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2025-04-15T01:21:36.656000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359620" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS certtool template parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "known_not_affected": [ "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "RHBZ#2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990" } ], "release_date": "2025-07-09T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T02:41:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "AppStream-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "AppStream-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.src", "BaseOS-9.4.0.Z.EUS:gnutls-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-c++-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-dane-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debuginfo-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-debugsource-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-devel-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-0:3.8.3-4.el9_4.4.x86_64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.aarch64", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.i686", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.ppc64le", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.s390x", "BaseOS-9.4.0.Z.EUS:gnutls-utils-debuginfo-0:3.8.3-4.el9_4.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS certtool template parsing" } ] }
rhsa-2025:17361
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS (CVE-2024-12243)\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)\n\nBug Fix(es) and Enhancement(s):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:17361", "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2344615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344615" }, { "category": "external", "summary": "2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17361.json" } ], "title": "Red Hat Security Advisory: gnutls security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-10-23T23:59:25+00:00", "generator": { "date": "2025-10-23T23:59:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:17361", "initial_release_date": "2025-10-06T08:50:07+00:00", "revision_history": [ { "date": "2025-10-06T08:50:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-10-06T08:50:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-23T23:59:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product": { "name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.src", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.src", "product_id": "gnutls-0:3.7.6-21.el9_2.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.7.6-21.el9_2.4?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "product": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "product_id": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.7.6-21.el9_2.4?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.7.6-21.el9_2.4?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "product": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "product_id": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.7.6-21.el9_2.4?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-c++-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-dane-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.7.6-21.el9_2.4?arch=i686" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.7.6-21.el9_2.4.i686", "product": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.i686", "product_id": "gnutls-devel-0:3.7.6-21.el9_2.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.7.6-21.el9_2.4?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.7.6-21.el9_2.4?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "product": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "product_id": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.7.6-21.el9_2.4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.7.6-21.el9_2.4?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "product": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "product_id": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.7.6-21.el9_2.4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.src", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.src", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id": "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "relates_to_product_reference": "BaseOS-9.2.0.Z.E4S" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Bing Shi" ] } ], "cve": "CVE-2024-12243", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "discovery_date": "2025-02-10T08:33:56.422000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2344615" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-12243" }, { "category": "external", "summary": "RHBZ#2344615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12243", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243" }, { "category": "external", "summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52", "url": "https://gitlab.com/gnutls/libtasn1/-/issues/52" } ], "release_date": "2025-02-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T08:50:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17361" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS" }, { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2025-07-07T09:30:13.037000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2376755" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "RHBZ#2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395" } ], "release_date": "2025-07-10T07:56:53.029000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T08:50:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2025-04-15T01:21:36.833000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359622" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS otherName SAN export", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "RHBZ#2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988" } ], "release_date": "2025-07-10T07:55:14.310000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T08:50:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS otherName SAN export" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2025-04-15T01:21:36.512000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359621" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "RHBZ#2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" } ], "release_date": "2025-07-10T07:54:13.541000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T08:50:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2025-04-15T01:21:36.656000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359620" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS certtool template parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "RHBZ#2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990" } ], "release_date": "2025-07-09T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-06T08:50:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "AppStream-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "AppStream-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.src", "BaseOS-9.2.0.Z.E4S:gnutls-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-c++-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-dane-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debuginfo-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-debugsource-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-devel-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-0:3.7.6-21.el9_2.4.x86_64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.aarch64", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.i686", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.ppc64le", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.s390x", "BaseOS-9.2.0.Z.E4S:gnutls-utils-debuginfo-0:3.7.6-21.el9_2.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS certtool template parsing" } ] }
rhsa-2025:16115
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for gnutls is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)\n\nBug Fix(es) and Enhancement(s):\n\n* gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)\n\n* gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)\n\n* gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)\n\n* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:16115", "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16115.json" } ], "title": "Red Hat Security Advisory: gnutls security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-10-23T23:59:23+00:00", "generator": { "date": "2025-10-23T23:59:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:16115", "initial_release_date": "2025-09-17T17:13:16+00:00", "revision_history": [ { "date": "2025-09-17T17:13:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-09-17T17:13:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-23T23:59:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 10)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:10.0" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 10)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:10.0" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.9-9.el10_0.14.src", "product": { "name": "gnutls-0:3.8.9-9.el10_0.14.src", "product_id": "gnutls-0:3.8.9-9.el10_0.14.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.9-9.el10_0.14?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-fips@3.8.9-9.el10_0.14?arch=aarch64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "product": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "product_id": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.9-9.el10_0.14?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-fips@3.8.9-9.el10_0.14?arch=ppc64le" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "product": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "product_id": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.9-9.el10_0.14?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-fips@3.8.9-9.el10_0.14?arch=x86_64" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "product": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "product_id": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.9-9.el10_0.14?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "gnutls-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debugsource@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-debuginfo@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-dane@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-devel@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-fips@3.8.9-9.el10_0.14?arch=s390x" } } }, { "category": "product_version", "name": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "product": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "product_id": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/gnutls-utils@3.8.9-9.el10_0.14?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.src as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.src", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)", "product_id": "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "AppStream-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.src", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "relates_to_product_reference": "BaseOS-10.0.Z" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)", "product_id": "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" }, "product_reference": "gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "relates_to_product_reference": "BaseOS-10.0.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2025-07-07T09:30:13.037000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2376755" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "RHBZ#2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395" } ], "release_date": "2025-07-10T07:56:53.029000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T17:13:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2025-04-15T01:21:36.833000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359622" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS otherName SAN export", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "RHBZ#2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988" } ], "release_date": "2025-07-10T07:55:14.310000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T17:13:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS otherName SAN export" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2025-04-15T01:21:36.512000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359621" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "RHBZ#2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" } ], "release_date": "2025-07-10T07:54:13.541000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T17:13:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2025-04-15T01:21:36.656000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359620" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS certtool template parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "RHBZ#2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990" } ], "release_date": "2025-07-09T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-17T17:13:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "AppStream-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "AppStream-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.src", "BaseOS-10.0.Z:gnutls-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-c++-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-dane-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debuginfo-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-debugsource-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-devel-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-fips-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-0:3.8.9-9.el10_0.14.x86_64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.aarch64", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.ppc64le", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.s390x", "BaseOS-10.0.Z:gnutls-utils-debuginfo-0:3.8.9-9.el10_0.14.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS certtool template parsing" } ] }
rhsa-2025:19088
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A Subscription Management tool for finding and reporting Red Hat product usage", "title": "Topic" }, { "category": "general", "text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:19088", "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-32988", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-32989", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-32990", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-53905", "url": "https://access.redhat.com/security/cve/CVE-2025-53905" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-53906", "url": "https://access.redhat.com/security/cve/CVE-2025-53906" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-6395", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery", "url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19088.json" } ], "title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage", "tracking": { "current_release_date": "2025-10-23T19:29:34+00:00", "generator": { "date": "2025-10-23T19:29:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:19088", "initial_release_date": "2025-10-23T19:26:05+00:00", "revision_history": [ { "date": "2025-10-23T19:26:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-10-23T19:26:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-23T19:29:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Discovery 2", "product": { "name": "Red Hat Discovery 2", "product_id": "Red Hat Discovery 2", "product_identification_helper": { "cpe": "cpe:/a:redhat:discovery:2::el9" } } } ], "category": "product_family", "name": "Red Hat Discovery" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "product": { "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "product_identification_helper": { "purl": "pkg:oci/discovery-server-rhel9@sha256%3A54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760553895" } } }, { "category": "product_version", "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64", "product": { "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64", "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64", "product_identification_helper": { "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760554384" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "product": { "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "product_identification_helper": { "purl": "pkg:oci/discovery-server-rhel9@sha256%3Af4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760553895" } } }, { "category": "product_version", "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "product": { "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "product_identification_helper": { "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760554384" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64 as a component of Red Hat Discovery 2", "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64" }, "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "relates_to_product_reference": "Red Hat Discovery 2" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64 as a component of Red Hat Discovery 2", "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" }, "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "relates_to_product_reference": "Red Hat Discovery 2" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64 as a component of Red Hat Discovery 2", "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64" }, "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "relates_to_product_reference": "Red Hat Discovery 2" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64 as a component of Red Hat Discovery 2", "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" }, "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64", "relates_to_product_reference": "Red Hat Discovery 2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2025-07-07T09:30:13.037000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2376755" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "RHBZ#2376755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395" } ], "release_date": "2025-07-10T07:56:53.029000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2025-04-15T01:21:36.833000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359622" } ], "notes": [ { "category": "description", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS otherName SAN export", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "RHBZ#2359622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988" } ], "release_date": "2025-07-10T07:55:14.310000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS otherName SAN export" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2025-04-15T01:21:36.512000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359621" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "RHBZ#2359621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" } ], "release_date": "2025-07-10T07:54:13.541000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing" }, { "cve": "CVE-2025-32990", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2025-04-15T01:21:36.656000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2359620" } ], "notes": [ { "category": "description", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: Vulnerability in GnuTLS certtool template parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "RHBZ#2359620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990" } ], "release_date": "2025-07-09T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: Vulnerability in GnuTLS certtool template parsing" }, { "cve": "CVE-2025-53905", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2025-07-15T21:01:19.770241+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2380362" } ], "notes": [ { "category": "description", "text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "title": "Vulnerability description" }, { "category": "summary", "text": "vim: Vim path traversial", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-53905" }, { "category": "external", "summary": "RHBZ#2380362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905" }, { "category": "external", "summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239", "url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239" }, { "category": "external", "summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr", "url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr" } ], "release_date": "2025-07-15T20:48:34.764000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vim: Vim path traversial" }, { "cve": "CVE-2025-53906", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2025-07-15T21:01:15.057182+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2380360" } ], "notes": [ { "category": "description", "text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "title": "Vulnerability description" }, { "category": "summary", "text": "vim: Vim path traversal", "title": "Vulnerability summary" }, { "category": "other", "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "known_not_affected": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-53906" }, { "category": "external", "summary": "RHBZ#2380360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906" }, { "category": "external", "summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8", "url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8" }, { "category": "external", "summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86", "url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86" } ], "release_date": "2025-07-15T20:52:40.137000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-23T19:26:05+00:00", "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64", "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vim: Vim path traversal" } ] }
opensuse-su-2025:15411-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "gnutls-3.8.10-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the gnutls-3.8.10-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2025-15411", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15411-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32988 page", "url": "https://www.suse.com/security/cve/CVE-2025-32988/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32989 page", "url": "https://www.suse.com/security/cve/CVE-2025-32989/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32990 page", "url": "https://www.suse.com/security/cve/CVE-2025-32990/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-6395 page", "url": "https://www.suse.com/security/cve/CVE-2025-6395/" } ], "title": "gnutls-3.8.10-1.1 on GA media", "tracking": { "current_release_date": "2025-08-05T00:00:00Z", "generator": { "date": "2025-08-05T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2025:15411-1", "initial_release_date": "2025-08-05T00:00:00Z", "revision_history": [ { "date": "2025-08-05T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "gnutls-3.8.10-1.1.aarch64", "product": { "name": "gnutls-3.8.10-1.1.aarch64", "product_id": "gnutls-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-dane-devel-3.8.10-1.1.aarch64", "product": { "name": "libgnutls-dane-devel-3.8.10-1.1.aarch64", "product_id": "libgnutls-dane-devel-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-dane0-3.8.10-1.1.aarch64", "product": { "name": "libgnutls-dane0-3.8.10-1.1.aarch64", "product_id": "libgnutls-dane0-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.10-1.1.aarch64", "product": { "name": "libgnutls-devel-3.8.10-1.1.aarch64", "product_id": "libgnutls-devel-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-devel-32bit-3.8.10-1.1.aarch64", "product": { "name": "libgnutls-devel-32bit-3.8.10-1.1.aarch64", "product_id": "libgnutls-devel-32bit-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-devel-doc-3.8.10-1.1.aarch64", "product": { "name": "libgnutls-devel-doc-3.8.10-1.1.aarch64", "product_id": "libgnutls-devel-doc-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls30-3.8.10-1.1.aarch64", "product": { "name": "libgnutls30-3.8.10-1.1.aarch64", "product_id": "libgnutls30-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutls30-32bit-3.8.10-1.1.aarch64", "product": { "name": "libgnutls30-32bit-3.8.10-1.1.aarch64", "product_id": "libgnutls30-32bit-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.10-1.1.aarch64", "product": { "name": "libgnutlsxx-devel-3.8.10-1.1.aarch64", "product_id": "libgnutlsxx-devel-3.8.10-1.1.aarch64" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.10-1.1.aarch64", "product": { "name": "libgnutlsxx30-3.8.10-1.1.aarch64", "product_id": "libgnutlsxx30-3.8.10-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.10-1.1.ppc64le", "product": { "name": "gnutls-3.8.10-1.1.ppc64le", "product_id": "gnutls-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-dane-devel-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls-dane-devel-3.8.10-1.1.ppc64le", "product_id": "libgnutls-dane-devel-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-dane0-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls-dane0-3.8.10-1.1.ppc64le", "product_id": "libgnutls-dane0-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls-devel-3.8.10-1.1.ppc64le", "product_id": "libgnutls-devel-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "product_id": "libgnutls-devel-32bit-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-devel-doc-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls-devel-doc-3.8.10-1.1.ppc64le", "product_id": "libgnutls-devel-doc-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls30-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls30-3.8.10-1.1.ppc64le", "product_id": "libgnutls30-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls30-32bit-3.8.10-1.1.ppc64le", "product": { "name": "libgnutls30-32bit-3.8.10-1.1.ppc64le", "product_id": "libgnutls30-32bit-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.10-1.1.ppc64le", "product": { "name": "libgnutlsxx-devel-3.8.10-1.1.ppc64le", "product_id": "libgnutlsxx-devel-3.8.10-1.1.ppc64le" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.10-1.1.ppc64le", "product": { "name": "libgnutlsxx30-3.8.10-1.1.ppc64le", "product_id": "libgnutlsxx30-3.8.10-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.10-1.1.s390x", "product": { "name": "gnutls-3.8.10-1.1.s390x", "product_id": "gnutls-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls-dane-devel-3.8.10-1.1.s390x", "product": { "name": "libgnutls-dane-devel-3.8.10-1.1.s390x", "product_id": "libgnutls-dane-devel-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls-dane0-3.8.10-1.1.s390x", "product": { "name": "libgnutls-dane0-3.8.10-1.1.s390x", "product_id": "libgnutls-dane0-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.10-1.1.s390x", "product": { "name": "libgnutls-devel-3.8.10-1.1.s390x", "product_id": "libgnutls-devel-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls-devel-32bit-3.8.10-1.1.s390x", "product": { "name": "libgnutls-devel-32bit-3.8.10-1.1.s390x", "product_id": "libgnutls-devel-32bit-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls-devel-doc-3.8.10-1.1.s390x", "product": { "name": "libgnutls-devel-doc-3.8.10-1.1.s390x", "product_id": "libgnutls-devel-doc-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls30-3.8.10-1.1.s390x", "product": { "name": "libgnutls30-3.8.10-1.1.s390x", "product_id": "libgnutls30-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutls30-32bit-3.8.10-1.1.s390x", "product": { "name": "libgnutls30-32bit-3.8.10-1.1.s390x", "product_id": "libgnutls30-32bit-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.10-1.1.s390x", "product": { "name": "libgnutlsxx-devel-3.8.10-1.1.s390x", "product_id": "libgnutlsxx-devel-3.8.10-1.1.s390x" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.10-1.1.s390x", "product": { "name": "libgnutlsxx30-3.8.10-1.1.s390x", "product_id": "libgnutlsxx30-3.8.10-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.10-1.1.x86_64", "product": { "name": "gnutls-3.8.10-1.1.x86_64", "product_id": "gnutls-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-dane-devel-3.8.10-1.1.x86_64", "product": { "name": "libgnutls-dane-devel-3.8.10-1.1.x86_64", "product_id": "libgnutls-dane-devel-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-dane0-3.8.10-1.1.x86_64", "product": { "name": "libgnutls-dane0-3.8.10-1.1.x86_64", "product_id": "libgnutls-dane0-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.10-1.1.x86_64", "product": { "name": "libgnutls-devel-3.8.10-1.1.x86_64", "product_id": "libgnutls-devel-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-devel-32bit-3.8.10-1.1.x86_64", "product": { "name": "libgnutls-devel-32bit-3.8.10-1.1.x86_64", "product_id": "libgnutls-devel-32bit-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-devel-doc-3.8.10-1.1.x86_64", "product": { "name": "libgnutls-devel-doc-3.8.10-1.1.x86_64", "product_id": "libgnutls-devel-doc-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls30-3.8.10-1.1.x86_64", "product": { "name": "libgnutls30-3.8.10-1.1.x86_64", "product_id": "libgnutls30-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutls30-32bit-3.8.10-1.1.x86_64", "product": { "name": "libgnutls30-32bit-3.8.10-1.1.x86_64", "product_id": "libgnutls30-32bit-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.10-1.1.x86_64", "product": { "name": "libgnutlsxx-devel-3.8.10-1.1.x86_64", "product_id": "libgnutlsxx-devel-3.8.10-1.1.x86_64" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.10-1.1.x86_64", "product": { "name": "libgnutlsxx30-3.8.10-1.1.x86_64", "product_id": "libgnutlsxx30-3.8.10-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64" }, "product_reference": "gnutls-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le" }, "product_reference": "gnutls-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x" }, "product_reference": "gnutls-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64" }, "product_reference": "gnutls-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane-devel-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls-dane-devel-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane-devel-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls-dane-devel-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane-devel-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x" }, "product_reference": "libgnutls-dane-devel-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane-devel-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls-dane-devel-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane0-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls-dane0-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane0-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls-dane0-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane0-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x" }, "product_reference": "libgnutls-dane0-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-dane0-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls-dane0-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls-devel-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls-devel-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x" }, "product_reference": "libgnutls-devel-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls-devel-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-32bit-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls-devel-32bit-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-32bit-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-32bit-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x" }, "product_reference": "libgnutls-devel-32bit-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-32bit-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls-devel-32bit-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-doc-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls-devel-doc-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-doc-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls-devel-doc-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-doc-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x" }, "product_reference": "libgnutls-devel-doc-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-doc-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls-devel-doc-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls30-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls30-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x" }, "product_reference": "libgnutls30-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls30-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64" }, "product_reference": "libgnutls30-32bit-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutls30-32bit-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x" }, "product_reference": "libgnutls30-32bit-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64" }, "product_reference": "libgnutls30-32bit-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64" }, "product_reference": "libgnutlsxx-devel-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutlsxx-devel-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x" }, "product_reference": "libgnutlsxx-devel-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64" }, "product_reference": "libgnutlsxx-devel-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.10-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64" }, "product_reference": "libgnutlsxx30-3.8.10-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.10-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le" }, "product_reference": "libgnutlsxx30-3.8.10-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.10-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x" }, "product_reference": "libgnutlsxx30-3.8.10-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.10-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" }, "product_reference": "libgnutlsxx30-3.8.10-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-32988", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32988" } ], "notes": [ { "category": "general", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32988", "url": "https://www.suse.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "SUSE Bug 1246232 for CVE-2025-32988", "url": "https://bugzilla.suse.com/1246232" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-05T00:00:00Z", "details": "important" } ], "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32989" } ], "notes": [ { "category": "general", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32989", "url": "https://www.suse.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "SUSE Bug 1246233 for CVE-2025-32989", "url": "https://bugzilla.suse.com/1246233" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-05T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-32989" }, { "cve": "CVE-2025-32990", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32990" } ], "notes": [ { "category": "general", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32990", "url": "https://www.suse.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "SUSE Bug 1246267 for CVE-2025-32990", "url": "https://bugzilla.suse.com/1246267" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-05T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-32990" }, { "cve": "CVE-2025-6395", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-6395" } ], "notes": [ { "category": "general", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-6395", "url": "https://www.suse.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "SUSE Bug 1246299 for CVE-2025-6395", "url": "https://bugzilla.suse.com/1246299" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:gnutls-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.s390x", "openSUSE Tumbleweed:gnutls-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-dane0-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutls30-32bit-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.10-1.1.x86_64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.aarch64", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.ppc64le", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.s390x", "openSUSE Tumbleweed:libgnutlsxx30-3.8.10-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-05T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-6395" } ] }
icsa-25-162-05
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens ProductCERT", "summary": "reporting these vulnerabilities to CISA." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.", "title": "Terms of Use" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-082556 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" } ], "publisher": { "category": "other", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-082556.json" }, { "category": "self", "summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "category": "self", "summary": "ICS Advisory ICSA-25-162-05 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-162-05.json" }, { "category": "self", "summary": "ICS Advisory ICSA-25-162-05 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5", "tracking": { "current_release_date": "2025-08-12T00:00:00.000000Z", "generator": { "date": "2025-08-14T23:08:52.425782Z", "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-25-162-05", "initial_release_date": "2025-06-10T00:00:00.000000Z", "revision_history": [ { "date": "2025-06-10T00:00:00.000000Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2025-08-12T00:00:00.000000Z", "legacy_version": "1.1", "number": "2", "summary": "Added CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)", "product_id": "CSAFPID-0001", "product_identification_helper": { "model_numbers": [ "6ES7518-4AX00-1AB0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)", "product_id": "CSAFPID-0002", "product_identification_helper": { "model_numbers": [ "6ES7518-4AX00-1AC0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)", "product_id": "CSAFPID-0003", "product_identification_helper": { "model_numbers": [ "6ES7518-4FX00-1AB0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)", "product_id": "CSAFPID-0004", "product_identification_helper": { "model_numbers": [ "6ES7518-4FX00-1AC0" ] } } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)" }, { "branches": [ { "category": "product_version_range", "name": "vers:intdot/\u003e=3.1.5", "product": { "name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)", "product_id": "CSAFPID-0005", "product_identification_helper": { "model_numbers": [ "6AG1518-4AX00-4AC0" ] } } } ], "category": "product_name", "name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-41617", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2021-41617" }, { "cve": "CVE-2023-4527", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-4527" }, { "cve": "CVE-2023-4806", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-4806" }, { "cve": "CVE-2023-4911", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-4911" }, { "cve": "CVE-2023-5363", "cwe": { "id": "CWE-684", "name": "Incorrect Provision of Specified Functionality" }, "notes": [ { "category": "summary", "text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-5363" }, { "cve": "CVE-2023-6246", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-6246" }, { "cve": "CVE-2023-6779", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-6779" }, { "cve": "CVE-2023-6780", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-6780" }, { "cve": "CVE-2023-28531", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-28531" }, { "cve": "CVE-2023-38545", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-38545" }, { "cve": "CVE-2023-38546", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "notes": [ { "category": "summary", "text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-38546" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-44487" }, { "cve": "CVE-2023-46218", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-46218" }, { "cve": "CVE-2023-46219", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-46219" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "notes": [ { "category": "summary", "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-48795" }, { "cve": "CVE-2023-51384", "cwe": { "id": "CWE-304", "name": "Missing Critical Step in Authentication" }, "notes": [ { "category": "summary", "text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-51384" }, { "cve": "CVE-2023-51385", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "notes": [ { "category": "summary", "text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-51385" }, { "cve": "CVE-2023-52927", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2023-52927" }, { "cve": "CVE-2024-2961", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-2961" }, { "cve": "CVE-2024-6119", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "summary", "text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-6119" }, { "cve": "CVE-2024-6387", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "summary", "text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-6387" }, { "cve": "CVE-2024-12133", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "summary", "text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-12133" }, { "cve": "CVE-2024-12243", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "summary", "text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-12243" }, { "cve": "CVE-2024-24855", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-24855" }, { "cve": "CVE-2024-26596", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-26596" }, { "cve": "CVE-2024-28085", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-28085" }, { "cve": "CVE-2024-33599", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "nscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\r\nby client requests then a subsequent client request for netgroup data\r\nmay result in a stack-based buffer overflow. This flaw was introduced\r\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-33599" }, { "cve": "CVE-2024-33600", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "nscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\r\nnetgroup response to the cache, the client request can result in a null\r\npointer dereference. This flaw was introduced in glibc 2.15 when the\r\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-33600" }, { "cve": "CVE-2024-33601", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "nscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\r\nxrealloc and these functions may terminate the process due to a memory\r\nallocation failure resulting in a denial of service to the clients. The\r\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-33601" }, { "cve": "CVE-2024-33602", "cwe": { "id": "CWE-466", "name": "Return of Pointer Value Outside of Expected Range" }, "notes": [ { "category": "summary", "text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\r\nwhen the NSS callback does not store all strings in the provided buffer.\r\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-33602" }, { "cve": "CVE-2024-34397", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-34397" }, { "cve": "CVE-2024-37370", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "summary", "text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-37370" }, { "cve": "CVE-2024-37371", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "summary", "text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-37371" }, { "cve": "CVE-2024-45490", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-45490" }, { "cve": "CVE-2024-45491", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-45491" }, { "cve": "CVE-2024-45492", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-45492" }, { "cve": "CVE-2024-50246", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/ntfs3: Add rough attr alloc_size check", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-50246" }, { "cve": "CVE-2024-53166", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "block, bfq: bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-\u003elock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-53166" }, { "cve": "CVE-2024-57977", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "summary", "text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-57977" }, { "cve": "CVE-2024-57996", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "summary", "text": "net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-57996" }, { "cve": "CVE-2024-58005", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "tpm: Change to kvalloc() in eventlog/acpi.c.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2024-58005" }, { "cve": "CVE-2025-4373", "cwe": { "id": "CWE-124", "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)" }, "notes": [ { "category": "summary", "text": "GLib is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-4373" }, { "cve": "CVE-2025-4598", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "summary", "text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\r\n\r\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-4598" }, { "cve": "CVE-2025-6395", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-6395" }, { "cve": "CVE-2025-21701", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21701" }, { "cve": "CVE-2025-21702", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21702" }, { "cve": "CVE-2025-21712", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "md/md-bitmap: vulnerability caused by bitmap_get_stats() can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats() with bitmap_info.mutex.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21712" }, { "cve": "CVE-2025-21724", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index(). Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift (an unsigned long value) could result in undefined behavior. The constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21724" }, { "cve": "CVE-2025-21728", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21728" }, { "cve": "CVE-2025-21745", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21745" }, { "cve": "CVE-2025-21756", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21756" }, { "cve": "CVE-2025-21758", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21758" }, { "cve": "CVE-2025-21765", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21765" }, { "cve": "CVE-2025-21766", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ipv4: use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21766" }, { "cve": "CVE-2025-21767", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0 It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context. Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21767" }, { "cve": "CVE-2025-21795", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21795" }, { "cve": "CVE-2025-21796", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21796" }, { "cve": "CVE-2025-21848", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\r\n\r\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\r\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21848" }, { "cve": "CVE-2025-21862", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "summary", "text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21862" }, { "cve": "CVE-2025-21864", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: drop secpath at the same time as we currently drop dst\r\n\r\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\r\nrunning tests that boil down to:\r\n - create a pair of netns\r\n - run a basic TCP test over ipcomp6\r\n - delete the pair of netns\r\n\r\nThe xfrm_state found on spi_byaddr was not deleted at the time we\r\ndelete the netns, because we still have a reference on it. This\r\nlingering reference comes from a secpath (which holds a ref on the\r\nxfrm_state), which is still attached to an skb. This skb is not\r\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\r\nskb_attempt_defer_free.\r\n\r\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\r\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\r\nthat case, we still have a reference on the xfrm_state that we don\u0027t\r\nexpect at this point.\r\n\r\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\r\nlonger needed, so let\u0027s also drop the secpath. At this point,\r\ntcp_filter has already called into the LSM hooks that may require the\r\nsecpath, so it should not be needed anymore. However, in some of those\r\nplaces, the MPTCP extension has just been attached to the skb, so we\r\ncannot simply drop all extensions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21864" }, { "cve": "CVE-2025-21865", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-21865" }, { "cve": "CVE-2025-26465", "cwe": { "id": "CWE-390", "name": "Detection of Error Condition Without Action" }, "notes": [ { "category": "summary", "text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-26465" }, { "cve": "CVE-2025-31115", "cwe": { "id": "CWE-826", "name": "Premature Release of Resource During Expected Lifetime" }, "notes": [ { "category": "summary", "text": "The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-31115" }, { "cve": "CVE-2025-32988", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "summary", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-32989" }, { "cve": "CVE-2025-46836", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "remediations": [ { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "title": "CVE-2025-46836" } ] }
fkie_cve-2025-32989
Vulnerability from fkie_nvd
URL | Tags | ||
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:16115 | ||
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:16116 | ||
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:17348 | ||
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:17361 | ||
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19088 | ||
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-32989 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2359621 | Issue Tracking |
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | - | |
redhat | openshift_container_platform | 4.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*", "matchCriteriaId": "33A22858-21E1-479F-A9C4-AD2EFD059B93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly." }, { "lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de sobrelectura del b\u00fafer de mont\u00f3n en GnuTLS en la gesti\u00f3n de la extensi\u00f3n de marca de tiempo del certificado firmado (SCT) de Transparencia de Certificado (CT) durante el an\u00e1lisis de certificados X.509. Esta falla permite a un usuario malintencionado crear un certificado con una extensi\u00f3n SCT mal formada (OID 1.3.6.1.4.1.11129.2.4.2) que contiene datos confidenciales. Este problema provoca la exposici\u00f3n de informaci\u00f3n confidencial cuando GnuTLS verifica certificados de ciertos sitios web cuando la SCT no se verifica correctamente." } ], "id": "CVE-2025-32989", "lastModified": "2025-10-23T20:15:38.730", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2025-07-10T08:15:24.430", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "secalert@redhat.com", "type": "Secondary" } ] }
wid-sec-w-2025-1526
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "GnuTLS (GNU Transport Layer Security Library) ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GnuTLS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-1526 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1526.json" }, { "category": "self", "summary": "WID-SEC-2025-1526 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1526" }, { "category": "external", "summary": "GnuTLS Security Advisories vom 2025-07-09", "url": "https://gnutls.org/security-new.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2025-16A24364CE vom 2025-07-11", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-16a24364ce" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2025-814D6183DD vom 2025-07-11", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-814d6183dd" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7635-1 vom 2025-07-14", "url": "https://ubuntu.com/security/notices/USN-7635-1" }, { "category": "external", "summary": "Debian Security Advisory DSA-5962 vom 2025-07-16", "url": "https://lists.debian.org/debian-security-announce/2025/msg00126.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02340-1 vom 2025-07-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021839.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02520-1 vom 2025-07-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021960.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02583-1 vom 2025-07-31", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/022000.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02595-1 vom 2025-08-01", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JYPBGMJ5ZZKYJSGZUFMVWEKQACCAJCYP/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02589-1 vom 2025-08-01", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3CNSZMPROCJTKZ4344O72RHPEVGQ5PIN/" }, { "category": "external", "summary": "Debian Security Advisory DLA-4267 vom 2025-08-09", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2025-2969 vom 2025-08-19", "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2969.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20563-1 vom 2025-08-28", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022319.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7742-1 vom 2025-09-10", "url": "https://ubuntu.com/security/notices/USN-7742-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20665-1 vom 2025-09-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022483.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:16115 vom 2025-09-17", "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202509-08 vom 2025-09-18", "url": "https://security.gentoo.org/glsa/202509-08" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:16116 vom 2025-09-17", "url": "https://access.redhat.com/errata/RHSA-2025:16116" } ], "source_lang": "en-US", "title": "GnuTLS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-09-17T22:00:00.000+00:00", "generator": { "date": "2025-09-18T07:01:11.262+00:00", "engine": { "name": "BSI-WID", "version": "1.4.0" } }, "id": "WID-SEC-W-2025-1526", "initial_release_date": "2025-07-09T22:00:00.000+00:00", "revision_history": [ { "date": "2025-07-09T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-07-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von European Union Vulnerability Database und Fedora aufgenommen" }, { "date": "2025-07-14T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-07-16T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2025-07-17T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-07-27T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-07-31T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-08-03T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-08-10T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2025-08-19T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-08-27T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-09-09T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-09-10T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-09-17T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat und Gentoo aufgenommen" } ], "status": "final", "version": "14" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c3.8.10", "product": { "name": "Open Source GnuTLS \u003c3.8.10", "product_id": "T045309" } }, { "category": "product_version", "name": "3.8.10", "product": { "name": "Open Source GnuTLS 3.8.10", "product_id": "T045309-fixed", "product_identification_helper": { "cpe": "cpe:/a:gnu:gnutls:3.8.10" } } } ], "category": "product_name", "name": "GnuTLS" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-32988", "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T045309", "398363", "T012167", "74185" ] }, "release_date": "2025-07-09T22:00:00.000+00:00", "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T045309", "398363", "T012167", "74185" ] }, "release_date": "2025-07-09T22:00:00.000+00:00", "title": "CVE-2025-32989" }, { "cve": "CVE-2025-32990", "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T045309", "398363", "T012167", "74185" ] }, "release_date": "2025-07-09T22:00:00.000+00:00", "title": "CVE-2025-32990" }, { "cve": "CVE-2025-6395", "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T045309", "398363", "T012167", "74185" ] }, "release_date": "2025-07-09T22:00:00.000+00:00", "title": "CVE-2025-6395" } ] }
suse-su-2025:02595-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for gnutls", "title": "Title of the patch" }, { "category": "description", "text": "This update for gnutls fixes the following issues:\n\n- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)\n- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)\n- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)\n- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-2595,SUSE-SLE-Module-Basesystem-15-SP6-2025-2595,SUSE-SLE-Module-Basesystem-15-SP7-2025-2595,openSUSE-SLE-15.6-2025-2595", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02595-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:02595-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502595-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:02595-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-August/040997.html" }, { "category": "self", "summary": "SUSE Bug 1246232", "url": "https://bugzilla.suse.com/1246232" }, { "category": "self", "summary": "SUSE Bug 1246233", "url": "https://bugzilla.suse.com/1246233" }, { "category": "self", "summary": "SUSE Bug 1246267", "url": "https://bugzilla.suse.com/1246267" }, { "category": "self", "summary": "SUSE Bug 1246299", "url": "https://bugzilla.suse.com/1246299" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32988 page", "url": "https://www.suse.com/security/cve/CVE-2025-32988/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32989 page", "url": "https://www.suse.com/security/cve/CVE-2025-32989/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-32990 page", "url": "https://www.suse.com/security/cve/CVE-2025-32990/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-6395 page", "url": "https://www.suse.com/security/cve/CVE-2025-6395/" } ], "title": "Security update for gnutls", "tracking": { "current_release_date": "2025-08-01T15:14:01Z", "generator": { "date": "2025-08-01T15:14:01Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:02595-1", "initial_release_date": "2025-08-01T15:14:01Z", "revision_history": [ { "date": "2025-08-01T15:14:01Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "gnutls-3.8.3-150600.4.9.1.aarch64", "product": { "name": "gnutls-3.8.3-150600.4.9.1.aarch64", "product_id": "gnutls-3.8.3-150600.4.9.1.aarch64" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "product": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "product_id": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64" } }, { "category": "product_version", "name": "libgnutls30-3.8.3-150600.4.9.1.aarch64", "product": { "name": "libgnutls30-3.8.3-150600.4.9.1.aarch64", "product_id": "libgnutls30-3.8.3-150600.4.9.1.aarch64" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "product": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "product_id": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "product": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "product_id": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libgnutls-devel-64bit-3.8.3-150600.4.9.1.aarch64_ilp32", "product": { "name": "libgnutls-devel-64bit-3.8.3-150600.4.9.1.aarch64_ilp32", "product_id": "libgnutls-devel-64bit-3.8.3-150600.4.9.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libgnutls30-64bit-3.8.3-150600.4.9.1.aarch64_ilp32", "product": { "name": "libgnutls30-64bit-3.8.3-150600.4.9.1.aarch64_ilp32", "product_id": "libgnutls30-64bit-3.8.3-150600.4.9.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.3-150600.4.9.1.i586", "product": { "name": "gnutls-3.8.3-150600.4.9.1.i586", "product_id": "gnutls-3.8.3-150600.4.9.1.i586" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.3-150600.4.9.1.i586", "product": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.i586", "product_id": "libgnutls-devel-3.8.3-150600.4.9.1.i586" } }, { "category": "product_version", "name": "libgnutls30-3.8.3-150600.4.9.1.i586", "product": { "name": "libgnutls30-3.8.3-150600.4.9.1.i586", "product_id": "libgnutls30-3.8.3-150600.4.9.1.i586" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.i586", "product": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.i586", "product_id": "libgnutlsxx-devel-3.8.3-150600.4.9.1.i586" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.3-150600.4.9.1.i586", "product": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.i586", "product_id": "libgnutlsxx30-3.8.3-150600.4.9.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.3-150600.4.9.1.ppc64le", "product": { "name": "gnutls-3.8.3-150600.4.9.1.ppc64le", "product_id": "gnutls-3.8.3-150600.4.9.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "product": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "product_id": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le" } }, { "category": "product_version", "name": "libgnutls30-3.8.3-150600.4.9.1.ppc64le", "product": { "name": "libgnutls30-3.8.3-150600.4.9.1.ppc64le", "product_id": "libgnutls30-3.8.3-150600.4.9.1.ppc64le" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "product": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "product_id": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "product": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "product_id": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.3-150600.4.9.1.s390x", "product": { "name": "gnutls-3.8.3-150600.4.9.1.s390x", "product_id": "gnutls-3.8.3-150600.4.9.1.s390x" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.3-150600.4.9.1.s390x", "product": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.s390x", "product_id": "libgnutls-devel-3.8.3-150600.4.9.1.s390x" } }, { "category": "product_version", "name": "libgnutls30-3.8.3-150600.4.9.1.s390x", "product": { "name": "libgnutls30-3.8.3-150600.4.9.1.s390x", "product_id": "libgnutls30-3.8.3-150600.4.9.1.s390x" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "product": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "product_id": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "product": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "product_id": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gnutls-3.8.3-150600.4.9.1.x86_64", "product": { "name": "gnutls-3.8.3-150600.4.9.1.x86_64", "product_id": "gnutls-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutls30-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutls30-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutls30-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64" } }, { "category": "product_version", "name": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "product": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "product_id": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "gnutls-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" }, "product_reference": "libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-32988", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32988" } ], "notes": [ { "category": "general", "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32988", "url": "https://www.suse.com/security/cve/CVE-2025-32988" }, { "category": "external", "summary": "SUSE Bug 1246232 for CVE-2025-32988", "url": "https://bugzilla.suse.com/1246232" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-01T15:14:01Z", "details": "important" } ], "title": "CVE-2025-32988" }, { "cve": "CVE-2025-32989", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32989" } ], "notes": [ { "category": "general", "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32989", "url": "https://www.suse.com/security/cve/CVE-2025-32989" }, { "category": "external", "summary": "SUSE Bug 1246233 for CVE-2025-32989", "url": "https://bugzilla.suse.com/1246233" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-01T15:14:01Z", "details": "moderate" } ], "title": "CVE-2025-32989" }, { "cve": "CVE-2025-32990", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-32990" } ], "notes": [ { "category": "general", "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-32990", "url": "https://www.suse.com/security/cve/CVE-2025-32990" }, { "category": "external", "summary": "SUSE Bug 1246267 for CVE-2025-32990", "url": "https://bugzilla.suse.com/1246267" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-01T15:14:01Z", "details": "moderate" } ], "title": "CVE-2025-32990" }, { "cve": "CVE-2025-6395", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-6395" } ], "notes": [ { "category": "general", "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-6395", "url": "https://www.suse.com/security/cve/CVE-2025-6395" }, { "category": "external", "summary": "SUSE Bug 1246299 for CVE-2025-6395", "url": "https://bugzilla.suse.com/1246299" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:gnutls-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.9.1.x86_64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.aarch64", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.ppc64le", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.s390x", "openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-08-01T15:14:01Z", "details": "moderate" } ], "title": "CVE-2025-6395" } ] }
msrc_cve-2025-32989
Vulnerability from csaf_microsoft
Notes
{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Public", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.", "title": "Disclaimer" } ], "publisher": { "category": "vendor", "contact_details": "secure@microsoft.com", "name": "Microsoft Security Response Center", "namespace": "https://msrc.microsoft.com" }, "references": [ { "category": "self", "summary": "CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing - VEX", "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-32989.json" }, { "category": "external", "summary": "Microsoft Support Lifecycle", "url": "https://support.microsoft.com/lifecycle" }, { "category": "external", "summary": "Common Vulnerability Scoring System", "url": "https://www.first.org/cvss" } ], "title": "Gnutls: vulnerability in gnutls sct extension parsing", "tracking": { "current_release_date": "2025-07-25T00:00:00.000Z", "generator": { "date": "2025-10-20T03:36:12.124Z", "engine": { "name": "MSRC Generator", "version": "1.0" } }, "id": "msrc_CVE-2025-32989", "initial_release_date": "2025-07-02T00:00:00.000Z", "revision_history": [ { "date": "2025-07-15T00:00:00.000Z", "legacy_version": "1", "number": "1", "summary": "Information published." }, { "date": "2025-07-25T00:00:00.000Z", "legacy_version": "2", "number": "2", "summary": "Added gnutls to CBL-Mariner 2.0\nAdded gnutls to Azure Linux 3.0" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "2.0", "product": { "name": "CBL Mariner 2.0", "product_id": "17086" } }, { "category": "product_version", "name": "3.0", "product": { "name": "Azure Linux 3.0", "product_id": "17084" } } ], "category": "product_name", "name": "Azure Linux" }, { "branches": [ { "category": "product_version_range", "name": "\u003ccbl2 gnutls 3.7.11-4", "product": { "name": "\u003ccbl2 gnutls 3.7.11-4", "product_id": "3" } }, { "category": "product_version", "name": "cbl2 gnutls 3.7.11-4", "product": { "name": "cbl2 gnutls 3.7.11-4", "product_id": "19552" } }, { "category": "product_version_range", "name": "\u003cazl3 gnutls 3.8.3-5", "product": { "name": "\u003cazl3 gnutls 3.8.3-5", "product_id": "2" } }, { "category": "product_version", "name": "azl3 gnutls 3.8.3-5", "product": { "name": "azl3 gnutls 3.8.3-5", "product_id": "19597" } }, { "category": "product_version_range", "name": "\u003ccbl2 gnutls 3.7.11-3", "product": { "name": "\u003ccbl2 gnutls 3.7.11-3", "product_id": "1" } }, { "category": "product_version", "name": "cbl2 gnutls 3.7.11-3", "product": { "name": "cbl2 gnutls 3.7.11-3", "product_id": "20134" } }, { "category": "product_version_range", "name": "\u003cazl3 gnutls 3.8.3-4", "product": { "name": "\u003cazl3 gnutls 3.8.3-4", "product_id": "4" } }, { "category": "product_version", "name": "azl3 gnutls 3.8.3-4", "product": { "name": "azl3 gnutls 3.8.3-4", "product_id": "17479" } } ], "category": "product_name", "name": "gnutls" } ], "category": "vendor", "name": "Microsoft" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "\u003ccbl2 gnutls 3.7.11-4 as a component of CBL Mariner 2.0", "product_id": "17086-3" }, "product_reference": "3", "relates_to_product_reference": "17086" }, { "category": "default_component_of", "full_product_name": { "name": "cbl2 gnutls 3.7.11-4 as a component of CBL Mariner 2.0", "product_id": "19552-17086" }, "product_reference": "19552", "relates_to_product_reference": "17086" }, { "category": "default_component_of", "full_product_name": { "name": "\u003cazl3 gnutls 3.8.3-5 as a component of Azure Linux 3.0", "product_id": "17084-2" }, "product_reference": "2", "relates_to_product_reference": "17084" }, { "category": "default_component_of", "full_product_name": { "name": "azl3 gnutls 3.8.3-5 as a component of Azure Linux 3.0", "product_id": "19597-17084" }, "product_reference": "19597", "relates_to_product_reference": "17084" }, { "category": "default_component_of", "full_product_name": { "name": "\u003ccbl2 gnutls 3.7.11-3 as a component of CBL Mariner 2.0", "product_id": "17086-1" }, "product_reference": "1", "relates_to_product_reference": "17086" }, { "category": "default_component_of", "full_product_name": { "name": "cbl2 gnutls 3.7.11-3 as a component of CBL Mariner 2.0", "product_id": "20134-17086" }, "product_reference": "20134", "relates_to_product_reference": "17086" }, { "category": "default_component_of", "full_product_name": { "name": "\u003cazl3 gnutls 3.8.3-4 as a component of Azure Linux 3.0", "product_id": "17084-4" }, "product_reference": "4", "relates_to_product_reference": "17084" }, { "category": "default_component_of", "full_product_name": { "name": "azl3 gnutls 3.8.3-4 as a component of Azure Linux 3.0", "product_id": "17479-17084" }, "product_reference": "17479", "relates_to_product_reference": "17084" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-32989", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "general", "text": "redhat", "title": "Assigning CNA" } ], "product_status": { "fixed": [ "19552-17086", "19597-17084", "20134-17086", "17479-17084" ], "known_affected": [ "17086-3", "17084-2", "17086-1", "17084-4" ] }, "references": [ { "category": "self", "summary": "CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing - VEX", "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-32989.json" } ], "remediations": [ { "category": "vendor_fix", "date": "2025-07-15T00:00:00.000Z", "details": "3.7.11-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade", "product_ids": [ "17086-3", "17086-1" ], "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade" }, { "category": "vendor_fix", "date": "2025-07-15T00:00:00.000Z", "details": "3.8.3-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade", "product_ids": [ "17084-2", "17084-4" ], "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "environmentalsScore": 0.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 5.3, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "17086-3", "17084-2", "17086-1", "17084-4" ] } ], "title": "Gnutls: vulnerability in gnutls sct extension parsing" } ] }
ghsa-f7q5-qg45-7vm8
Vulnerability from github
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
{ "affected": [], "aliases": [ "CVE-2025-32989" ], "database_specific": { "cwe_ids": [ "CWE-295" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-07-10T08:15:24Z", "severity": "MODERATE" }, "details": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "id": "GHSA-f7q5-qg45-7vm8", "modified": "2025-10-23T21:31:36Z", "published": "2025-07-10T09:32:27Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2025:16115" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2025:16116" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2025:17348" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2025:17361" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2025:19088" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.