发布时间: 2025年8月15日
修改时间: 2025年8月29日
A vulnerability, which was classified as critical, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 8.2 | 6.5 |
| Attack Complexity | Low | High |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | Low | Low |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2832 | gnutls security update | 2025年9月15日 |
| KylinSec-SA-2025-2840 | gnutls security update | 2025年9月19日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | gnutls | Fixed |
| V6 | gnutls | Fixed |
| KY3.5.3 | gnutls | Fixed |
| KY3.5.2 | gnutls | Fixed |
