CVE-2025-9820

Summary

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:3.8.10-3.el10_1 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.5 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.5 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.3-10.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.8.3-10.el9_7 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325677 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325711 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325710 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-3.1777325680 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325709 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325680 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325708 < *unaffected
Red HatRed Hat Ceph Storage 81774002867 < *unaffected
Red HatRed Hat Discovery 21775668717 < *unaffected
Red HatRed Hat Discovery 21775675922 < *unaffected
Red HatRed Hat Hardened Images3.8.12-1.1.hum1 < *unaffected
Red HatRed Hat Insights proxy 1.51773685509 < *unaffected
Red HatRed Hat Update Infrastructure 51773670073 < *unaffected
Red HatRed Hat Update Infrastructure 51773672059 < *unaffected
Red HatRed Hat Update Infrastructure 51773668803 < *unaffected
Red HatRed Hat Update Infrastructure 51773670137 < *unaffected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Applying the upstream patch or vendor-supplied security update is the recommended resolution.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References