[Security] Vulnerability in GnuTLS otherName SAN export
Hello GnuTLS Security Team,
We’re contacting you from OpenAI Security Research to notify you of a potential security issue identified during our internal research process in GnuTLS’s handling of otherName Subject Alternative Name entries.
We have validated the behavior internally and believe it may pose a medium risk.
Please see the attached PDF report for details.
We are reaching out privately and cooperatively. We are happy to collaborate on patch validation or coordinate timelines. We are not planning to make any public disclosure unless there is an agreement to do so or we assess that the risk requires it.
Please let us know how you’d prefer to proceed and if you need additional details or support.
Best regards,
OpenAI Security Research Team
outbounddisclosures@openai.com
Security_Advisory__GnuTLS_Double-Free_in_otherName_SAN_Export.pdf