Описание
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes’ memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.
Меры по смягчению последствий
Currently, no mitigation is available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gnutls | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gnutls | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gnutls | Affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gnutls | Fixed | RHSA-2025:16115 | 17.09.2025 |
| Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2025:16116 | 17.09.2025 |
| Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2025:16116 | 17.09.2025 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuT ...
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
6.5 Medium
CVSS3