CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-6395
https://bugzilla.redhat.com/show_bug.cgi?id=2376755

Configurations

No configuration.

History

15 Jul 2025, 07:15

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla de desreferencia de puntero nulo en el software GnuTLS en _gnutls_figure_common_ciphersuite(). Al leer ciertas configuraciones de un archivo de plantilla, puede permitir que un atacante provoque una escritura de puntero nulo fuera de los límites (OOB), lo que resulta en corrupción de memoria y una denegación de servicio (DoS) que podría colapsar el sistema.
Summary	(en) A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.	(en) A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

10 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 16:15

Updated : 2025-07-15 13:24

NVD link : CVE-2025-6395

Mitre link : CVE-2025-6395

CVE.ORG link : CVE-2025-6395

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

6.5 /10