GnuTLS NULL Pointer Dereference Vulnerability Leading to Memory Corruption and Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in GnuTLS, specifically in the function _gnutls_figure_common_ciphersuite(). This flaw occurs when the software reads certain settings from a template file, allowing an attacker to perform an out-of-bounds NULL pointer write. The result is memory corruption that can cause a denial-of-service condition, potentially crashing the system.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing the process to crash. In some cases, it may allow reading or writing memory, with the possibility of executing unauthorized code, particularly if the NULL pointer dereference can be manipulated to access privileged memory.

Added: Jul 10, 2025, 4:17 PM

Updated: Jul 10, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GnuTLS NULL Pointer Dereference Vulnerability Leading to Memory Corruption and Denial-of-Service

Vulnerability

Impact

Affected Products

GnuTLS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating