CVE-2025-9820

NameCVE-2025-9820
DescriptionA flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1121146

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnutls28 (PTS)bullseye3.7.1-5+deb11u5vulnerable
bullseye (security)3.7.1-5+deb11u8vulnerable
bookworm, bookworm (security)3.7.9-2+deb12u5vulnerable
trixie3.8.9-3+deb13u1fixed
forky3.8.11-3fixed
sid3.8.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnutls28sourceexperimental3.8.11-1
gnutls28sourcetrixie3.8.9-3+deb13u1
gnutls28source(unstable)3.8.11-31121146

Notes

[bookworm] - gnutls28 <no-dsa> (Minor issue)
[bullseye] - gnutls28 <postponed> (Minor issue; can be fixed in next update)
https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
https://gitlab.com/gnutls/gnutls/-/issues/1732
Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)
Search for package or bug name: Reporting problems