CVE-2025-9820

Name
CVE-2025-9820
Description
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2025-9820
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2392528
secalert@redhat.com https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
secalert@redhat.com https://gitlab.com/gnutls/gnutls/-/issues/1732
secalert@redhat.com https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/11/20/2

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnutls edge-main 3.8.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.23-main 3.8.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed