发布时间: 2025年8月15日
修改时间: 2025年8月29日
A vulnerability, which was classified as problematic, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21000).
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 6.5 |
| Attack Complexity | High | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | Low | |
| User Interaction | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2832 | gnutls security update | 2025年9月15日 |
| KylinSec-SA-2025-2840 | gnutls security update | 2025年9月19日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | gnutls | Fixed |
| V6 | gnutls | Fixed |
| KY3.5.3 | gnutls | Fixed |
| KY3.5.2 | gnutls | Fixed |
