AZL-75258

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75258.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-75258

Upstream

CVE-2025-9820

Published

2026-01-26T20:16:09Z

Modified

2026-04-01T05:22:50.219856Z

Summary

CVE-2025-9820 affecting package gnutls for versions less than 3.7.11-6

Details

A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9820

Affected packages

Azure Linux:2 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/azure-linux/gnutls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.11-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75258.json"