GnuTLS Double-Free Vulnerability in Subject Alternative Name Export Logic

Vulnerability

A double-free vulnerability has been identified in GnuTLS, arising from improper ownership management in the export process of Subject Alternative Name (SAN) entries that include an otherName. When an invalid or malformed type-id OID is present, GnuTLS erroneously calls asn1_delete_structure() on an ASN.1 node it does not own. This mismanagement creates a double-free condition, as the parent function or caller subsequently attempts to free the same structure. The vulnerability can be exploited using public GnuTLS APIs, potentially leading to memory corruption or a denial-of-service condition, depending on the behavior of the memory allocator.
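The ownership mistake described above, modeled as an added example that is not GnuTLS or libtasn1 code: a helper that borrows a node releases it on its error path, and the owning caller then releases it again. All names (node_new, node_delete, oid_ok, export_flawed, export_fixed, caller) and the sample OID strings are hypothetical, and releases are counted in a static pool rather than passed to free() so the second release can be observed safely.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for an ASN.1 node. Slots come from a static pool so a
 * second release is counted instead of corrupting the heap. */
struct node { int releases; const char *oid; };
static struct node pool[4];
static int used;

static struct node *node_new(const char *oid) {
    struct node *n = &pool[used++ % 4];
    n->releases = 0;
    n->oid = oid;
    return n;
}
static void node_delete(struct node *n) { if (n) n->releases++; }

/* Constructed validity check: non-empty, digits and dots only. */
static int oid_ok(const char *oid) {
    return *oid && strspn(oid, "0123456789.") == strlen(oid);
}

/* Flawed pattern: the helper only borrows `n`, yet deletes it on error. */
static int export_flawed(struct node *n) {
    if (!oid_ok(n->oid)) { node_delete(n); return -1; }
    return 0;
}

/* Corrected pattern: report the error and leave cleanup to the owner. */
static int export_fixed(struct node *n) {
    return oid_ok(n->oid) ? 0 : -1;
}

/* The caller owns the node and releases it exactly once on every path.
 * Returns how many times the node ended up being released. */
static int caller(int (*export_fn)(struct node *), const char *oid) {
    struct node *n = node_new(oid);
    export_fn(n);      /* result ignored here; cleanup must happen anyway */
    node_delete(n);
    return n->releases;
}

int main(void) {
    printf("flawed, bad OID:  %d releases\n", caller(export_flawed, "1.2.x"));
    printf("fixed,  bad OID:  %d releases\n", caller(export_fixed, "1.2.x"));
    printf("flawed, good OID: %d releases\n", caller(export_flawed, "1.2.3"));
    return 0;
}
```

A release count of 2 is the double-free; it appears only on the error path, which is why well-formed input does not reveal the flaw.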

Impact

Exploitation of this vulnerability can cause a double-free condition, leading to memory corruption or a denial-of-service situation, depending on how the memory allocator handles the corrupted memory.

Added: Jul 10, 2025, 10:24 AM
Updated: Jul 10, 2025, 10:24 AM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.