Description
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
Problem types
Product status
Any version before 3.8.10
0:3.8.9-9.el10_0.14 (rpm) before *
0:3.6.16-8.el8_10.4 (rpm) before *
0:3.8.3-6.el9_6.2 (rpm) before *
0:3.7.6-21.el9_2.4 (rpm) before *
0:3.8.3-4.el9_4.4 (rpm) before *
sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe (rpm) before *
sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648 (rpm) before *
sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea (rpm) before *
Timeline
| 2025-07-07: | Reported to Red Hat. |
| 2025-07-10: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/08/msg00005.html
www.openwall.com/lists/oss-security/2025/07/11/3
cert-portal.siemens.com/productcert/html/ssa-082556.html
access.redhat.com/errata/RHSA-2025:16115 (RHSA-2025:16115)
access.redhat.com/errata/RHSA-2025:16116 (RHSA-2025:16116)
access.redhat.com/errata/RHSA-2025:17181 (RHSA-2025:17181)
access.redhat.com/errata/RHSA-2025:17348 (RHSA-2025:17348)
access.redhat.com/errata/RHSA-2025:17361 (RHSA-2025:17361)
access.redhat.com/errata/RHSA-2025:17415 (RHSA-2025:17415)
access.redhat.com/errata/RHSA-2025:19088 (RHSA-2025:19088)
access.redhat.com/errata/RHSA-2025:22529 (RHSA-2025:22529)
access.redhat.com/security/cve/CVE-2025-6395
bugzilla.redhat.com/show_bug.cgi?id=2376755 (RHBZ#2376755)
gitlab.com/gnutls/gnutls/-/issues/1718
lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html