Bug 2359621 (CVE-2025-32989)

Summary: CVE-2025-32989 gnutls: Vulnerability in GnuTLS SCT extension parsing
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, kshier, omaciel, saroy, security-response-team, stcannon, yguenane
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-04-15 01:32:21 UTC 
A heap-buffer-overread vulnerability exists in GnuTLS (confirmed in version 3.8.9) due to unsafe
handling of the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension
during X.509 certificate parsing. The vulnerability can be triggered by a malicious peer
presenting a crafted certificate containing a malformed SCT extension (OID
1.3.6.1.4.1.11129.2.4.2).
This overread may lead to disclosure of heap memory contents to attackers if the SCT log_id
is logged, exported, or otherwise exposed by the application consuming the GnuTLS client
library.
Comment 2 errata-xmlrpc 2025-09-17 17:06:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:16115 https://access.redhat.com/errata/RHSA-2025:16115
Comment 3 errata-xmlrpc 2025-09-17 17:59:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:16116 https://access.redhat.com/errata/RHSA-2025:16116
Comment 4 errata-xmlrpc 2025-10-06 02:29:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:17348 https://access.redhat.com/errata/RHSA-2025:17348
Comment 5 errata-xmlrpc 2025-10-06 08:43:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:17361 https://access.redhat.com/errata/RHSA-2025:17361