FKIE_CVE-2025-9820

Vulnerability from fkie_nvd - Published: 2026-01-26 20:16 - Updated: 2026-03-18 17:16
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:3477
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4188
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4655
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4943
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-9820
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2392528
secalert@redhat.comhttps://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
secalert@redhat.comhttps://gitlab.com/gnutls/gnutls/-/issues/1732
secalert@redhat.comhttps://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/11/20/2
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en la librer\u00eda GnuTLS, espec\u00edficamente en la funci\u00f3n gnutls_pkcs11_token_init() que maneja la inicializaci\u00f3n de tokens PKCS#11. Cuando se procesa una etiqueta de token m\u00e1s larga de lo esperado, la funci\u00f3n escribe m\u00e1s all\u00e1 del final de un b\u00fafer de pila de tama\u00f1o fijo. Este error de programaci\u00f3n puede causar que la aplicaci\u00f3n que usa GnuTLS se bloquee o, en ciertas condiciones, ser explotado para la ejecuci\u00f3n de c\u00f3digo. Como resultado, los sistemas o aplicaciones que dependen de GnuTLS pueden ser vulnerables a ataques de denegaci\u00f3n de servicio o escalada de privilegios local."
    }
  ],
  "id": "CVE-2025-9820",
  "lastModified": "2026-03-18T17:16:05.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-26T20:16:09.370",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:3477"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4188"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4655"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4943"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-9820"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1732"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2025/11/20/2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.