CVE-2025-9820

EUVD-2025-206344
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
redhatCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bookworm
vulnerable
bookworm (security)
3.7.9-2+deb12u6
fixed
bullseye
postponed
bullseye (security)
vulnerable
forky
3.8.12-2
fixed
sid
3.8.12-2
fixed
trixie
3.8.9-3+deb13u1
fixed
trixie (security)
3.8.9-3+deb13u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls28
bionic
needs-triage
focal
needs-triage
jammy
Fixed 3.7.3-4ubuntu1.8
released
noble
Fixed 3.8.3-1.1ubuntu3.5
released
plucky
ignored
questing
Fixed 3.8.9-3ubuntu2.1
released
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-9820
https://bugzilla.redhat.com/show_bug.cgi?id=2392528
https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
https://gitlab.com/gnutls/gnutls/-/issues/1732
https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
http://www.openwall.com/lists/oss-security/2025/11/20/2