CVE-2025-6395

{"id": "CVE-2025-6395", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2025-07-10T16:15:25.110", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16115", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:16116", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17348", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17361", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17415", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:19088", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6395", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", "source": "secalert@redhat.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite()."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de desreferencia de puntero nulo en el software GnuTLS en _gnutls_figure_common_ciphersuite(). Al leer ciertas configuraciones de un archivo de plantilla, puede permitir que un atacante provoque una escritura de puntero nulo fuera de los l\u00edmites (OOB), lo que resulta en corrupci\u00f3n de memoria y una denegaci\u00f3n de servicio (DoS) que podr\u00eda colapsar el sistema."}], "lastModified": "2025-10-23T20:15:41.210", "sourceIdentifier": "secalert@redhat.com"}