CVE-2025-14831

NameCVE-2025-14831
DescriptionA flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnutls28 (PTS)bullseye3.7.1-5+deb11u5vulnerable
bullseye (security)3.7.1-5+deb11u8vulnerable
bookworm, bookworm (security)3.7.9-2+deb12u5vulnerable
trixie3.8.9-3+deb13u1vulnerable
forky3.8.11-3vulnerable
sid3.8.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnutls28source(unstable)3.8.12-1

Notes

https://gitlab.com/gnutls/gnutls/-/issues/1773
Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/d6054f0016db05fb5c82177ddbd0a4e8331059a1 (3.8.12)
Search for package or bug name: Reporting problems