CVE Catalog

CVE-2025-9820

MediumCVSS 4.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A flaw was found in the GnuTLS library in the gnutls_pkcs11_token_init() function handling PKCS#11 token initialization. Processing a token label longer than expected causes a stack buffer overflow, potentially leading to application crashes or code execution.

Risk Assessment

The organization is at risk of denial of service (DoS) and local privilege escalation attacks if applications using GnuTLS process malicious PKCS#11 tokens. This could disrupt services or allow system compromise.

Recommendation

Update GnuTLS library to the latest patched version immediately. Restrict PKCS#11 function access to trusted sources only.

Original NVD description (English source)

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS