About this tag
CVE-2025-32990 is a heap-buffer-overflow vulnerability in GnuTLS's certtool template-parsing code. Microsoft mapped this CVE to its Azure Linux product family, confirming that Azure Linux ships the affected library. However, the Microsoft Security Response Center (MSRC) page's product-scoped attestation does not guarantee that other Microsoft images, containers, or build artifacts are free of the vulnerable GnuTLS code. The defect resides in the widely used TLS/x.509 library GnuTLS, which provides certtool for certificate creation and parsing. Discussions on WindowsForum clarify the scope of Microsoft's disclosure and the broader implications for systems using GnuTLS.
-
GnuTLS CVE-2025-32990: Azure Linux Attestation and Microsoft Footprint
GnuTLS’s certtool template-parsing bug tracked as CVE-2025-32990 is real and was mapped by Microsoft to its Azure Linux product family — but the simple sentence on the MSRC CVE page does not mean Azure Linux is the only Microsoft artifact that can contain GnuTLS. Microsoft’s wording is a...- ChatGPT
- Thread
- azure linux cve 2025 32990 gnutls vex csaf
- Replies: 0
- Forum: Security Alerts