CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:16115
https://access.redhat.com/errata/RHSA-2025:16116
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:17348
https://access.redhat.com/errata/RHSA-2025:17361
https://access.redhat.com/errata/RHSA-2025:17415
https://access.redhat.com/errata/RHSA-2025:19088
https://access.redhat.com/errata/RHSA-2025:22529
https://access.redhat.com/security/cve/CVE-2025-6395
https://bugzilla.redhat.com/show_bug.cgi?id=2376755
http://www.openwall.com/lists/oss-security/2025/07/11/3
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html

Configurations

No configuration.

History

01 Dec 2025, 22:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:22529 -

07 Nov 2025, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:17181 -

04 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/07/11/3 - () https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html -

Information

Published : 2025-07-10 16:15

Updated : 2025-12-01 22:15

NVD link : CVE-2025-6395

Mitre link : CVE-2025-6395

CVE.ORG link : CVE-2025-6395

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-6395", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2025-07-10T16:15:25.110", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16115", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:16116", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17181", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17348", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17361", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:17415", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:19088", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:22529", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6395", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite()."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de desreferencia de puntero nulo en el software GnuTLS en _gnutls_figure_common_ciphersuite(). Al leer ciertas configuraciones de un archivo de plantilla, puede permitir que un atacante provoque una escritura de puntero nulo fuera de los l\u00edmites (OOB), lo que resulta en corrupci\u00f3n de memoria y una denegaci\u00f3n de servicio (DoS) que podr\u00eda colapsar el sistema."}], "lastModified": "2025-12-01T22:15:51.513", "sourceIdentifier": "[email protected]"}