CVE-2025-9820

A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

References

Affected packages

Git / gitlab.com/gnutls/gnutls

Affected ranges

Type: GIT
Repo: https://gitlab.com/gnutls/gnutls
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1d56f96f6ab5034d677136b9d50b5a75dff0faf5

Affected versions

3.*

3.6.12

3.6.13

3.6.14

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.7.8

3.8.0

3.8.1

3.8.10

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.8.8

3.8.9

Other

gnutls-0-0-7

gnutls-0-1-0-srp

gnutls-0_1_2

gnutls-3_0_12

gnutls0-0-4

gnutls0-0-5

gnutls0-0-6

gnutls_0_1_4

gnutls_0_1_9

gnutls_0_2_0

gnutls_0_2_1

gnutls_0_2_10

gnutls_0_2_11

gnutls_0_2_2

gnutls_0_2_3

gnutls_0_2_4

gnutls_0_2_9

gnutls_0_2_90

gnutls_0_2_91

gnutls_0_3_0

gnutls_0_3_1

gnutls_0_3_2

gnutls_0_3_90

gnutls_0_3_91

gnutls_0_3_92

gnutls_0_4_0

gnutls_0_4_1

gnutls_0_4_2

gnutls_0_4_3

gnutls_0_4_with_libtasn1

gnutls_0_5_0

gnutls_0_5_1

gnutls_0_5_10

gnutls_0_5_11

gnutls_0_5_4

gnutls_0_5_5

gnutls_0_5_6

gnutls_0_5_7

gnutls_0_5_8

gnutls_0_5_9

gnutls_0_5_x_before_export_ciphersuites

gnutls_0_5_x_before_int_fixes

gnutls_0_5_x_before_types_change

gnutls_0_5_x_with_export_ciphersuites

gnutls_0_6_0

gnutls_0_8_0

gnutls_0_8_1

gnutls_0_9_1

gnutls_0_9_2

gnutls_0_9_3

gnutls_0_9_4

gnutls_0_9_5

gnutls_0_9_6

gnutls_0_9_7

gnutls_0_9_8

gnutls_0_9_90

gnutls_0_9_91

gnutls_0_9_92

gnutls_0_9_93

gnutls_0_9_94

gnutls_0_9_95

gnutls_0_9_96

gnutls_0_9_97

gnutls_0_9_98

gnutls_0_9_99

gnutls_1_0_0

gnutls_1_0_20

gnutls_1_0_21

gnutls_1_0_22

gnutls_1_0_23

gnutls_1_0_24

gnutls_1_0_25

gnutls_1_1_0

gnutls_1_1_1

gnutls_1_1_10

gnutls_1_1_11

gnutls_1_1_12

gnutls_1_1_13

gnutls_1_1_14

gnutls_1_1_15

gnutls_1_1_16

gnutls_1_1_17

gnutls_1_1_18

gnutls_1_1_19

gnutls_1_1_2

gnutls_1_1_20

gnutls_1_1_21

gnutls_1_1_22

gnutls_1_1_23

gnutls_1_1_3

gnutls_1_1_4

gnutls_1_1_5

gnutls_1_1_6

gnutls_1_1_7

gnutls_1_1_7_pre0

gnutls_1_1_8

gnutls_1_1_9

gnutls_1_2_0

gnutls_1_2_1

gnutls_1_2_10

gnutls_1_2_11

gnutls_1_2_2

gnutls_1_2_3

gnutls_1_2_4

gnutls_1_2_5

gnutls_1_2_6

gnutls_1_2_7

gnutls_1_2_8

gnutls_1_2_9

gnutls_1_3_0

gnutls_1_3_1

gnutls_1_3_2

gnutls_1_3_3

gnutls_1_3_4

gnutls_1_3_5

gnutls_1_4_0

gnutls_1_4_1

gnutls_1_4_2

gnutls_1_5_0

gnutls_1_5_1

gnutls_1_5_2

gnutls_1_5_3

gnutls_1_5_4

gnutls_1_5_5

gnutls_1_6_0

gnutls_1_6_1

gnutls_1_7_0

gnutls_1_7_1

gnutls_1_7_10

gnutls_1_7_11

gnutls_1_7_12

gnutls_1_7_13

gnutls_1_7_14

gnutls_1_7_15

gnutls_1_7_16

gnutls_1_7_17

gnutls_1_7_18

gnutls_1_7_19

gnutls_1_7_2

gnutls_1_7_3

gnutls_1_7_4

gnutls_1_7_5

gnutls_1_7_6

gnutls_1_7_7

gnutls_1_7_8

gnutls_1_7_9

gnutls_2_0_0

gnutls_2_0_1

gnutls_2_11_3

gnutls_2_11_4

gnutls_2_11_5

gnutls_2_11_6

gnutls_2_1_0

gnutls_2_1_1

gnutls_2_1_2

gnutls_2_1_3

gnutls_2_1_4

gnutls_2_1_5

gnutls_2_1_6

gnutls_2_1_7

gnutls_2_1_8

gnutls_2_3_0

gnutls_2_3_1

gnutls_2_3_10

gnutls_2_3_11

gnutls_2_3_12

gnutls_2_3_13

gnutls_2_3_14

gnutls_2_3_15

gnutls_2_3_2

gnutls_2_3_3

gnutls_2_3_4

gnutls_2_3_4_netconf_0

gnutls_2_3_4_netconf_1

gnutls_2_3_4_netconf_2

gnutls_2_3_5

gnutls_2_3_6

gnutls_2_3_7

gnutls_2_3_8

gnutls_2_3_9

gnutls_2_4_0

gnutls_2_5_0

gnutls_2_5_1

gnutls_2_5_2

gnutls_2_5_3

gnutls_2_5_4

gnutls_2_5_5

gnutls_2_5_6

gnutls_2_5_7

gnutls_2_5_8

gnutls_2_5_9

gnutls_2_7_0

gnutls_2_7_1

gnutls_2_7_10

gnutls_2_7_11

gnutls_2_7_12

gnutls_2_7_13

gnutls_2_7_14

gnutls_2_7_2

gnutls_2_7_3

gnutls_2_7_4

gnutls_2_7_5

gnutls_2_7_6

gnutls_2_7_7

gnutls_2_7_8

gnutls_2_7_9

gnutls_2_8_0

gnutls_2_99_0

gnutls_2_99_1

gnutls_2_99_2

gnutls_2_99_3

gnutls_2_99_4

gnutls_2_9_0

gnutls_2_9_1

gnutls_2_9_10

gnutls_2_9_2

gnutls_2_9_3

gnutls_2_9_4

gnutls_2_9_5

gnutls_2_9_6

gnutls_2_9_7

gnutls_2_9_8

gnutls_2_9_9

gnutls_3_0_0

gnutls_3_0_10

gnutls_3_0_11

gnutls_3_0_13

gnutls_3_0_14

gnutls_3_0_15

gnutls_3_0_16

gnutls_3_0_17

gnutls_3_0_18

gnutls_3_0_2

gnutls_3_0_21

gnutls_3_0_3

gnutls_3_0_4

gnutls_3_0_5

gnutls_3_0_6

gnutls_3_0_7

gnutls_3_0_8

gnutls_3_0_9

gnutls_3_1_0

gnutls_3_1_0pre0

gnutls_3_1_2

gnutls_3_1_3

gnutls_3_1_4

gnutls_3_1_5

gnutls_3_1_6

gnutls_3_1_7

gnutls_3_1_8

gnutls_3_1_9

gnutls_3_2_0

gnutls_3_2_2

gnutls_3_2_3

gnutls_3_2_3pre0

gnutls_3_2_4

gnutls_3_2_5

gnutls_3_2_6

gnutls_3_3_0

gnutls_3_3_1

gnutls_3_3_2

gnutls_3_3_3

gnutls_3_3_4

gnutls_3_3_5

gnutls_3_3_6

gnutls_3_4_0

gnutls_3_4_1

gnutls_3_4_2

gnutls_3_4_3

gnutls_3_5_0

gnutls_3_5_1

gnutls_3_5_2

gnutls_3_5_3

gnutls_3_5_4

gnutls_3_5_5

gnutls_3_5_7

gnutls_3_6_0

gnutls_3_6_0_1

gnutls_3_6_1

gnutls_3_6_10

gnutls_3_6_11

gnutls_3_6_11_1

gnutls_3_6_12

gnutls_3_6_2

gnutls_3_6_3

gnutls_3_6_4

gnutls_3_6_5

gnutls_3_6_6

gnutls_3_6_7

gnutls_3_6_9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9820.json"

vanir_signatures

[
    {
        "target": {
            "file": "lib/pkcs11_write.c"
        },
        "id": "CVE-2025-9820-2f514dfb",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "203081701998267077212086687325320656047",
                "181103679989110600517533548016277704131",
                "39853057649325964027587234063574987404",
                "259048303717493519631185376627170807634",
                "235519305165135146109306515938527170000",
                "15365237184004671114243159335111336950",
                "128494245172431755117396483110562105716",
                "44347100990748648967188547802763753138",
                "328331381237090027273525864829690989806",
                "255687099527695671086163998843993578170",
                "226269730992432168968068826384392231200"
            ]
        },
        "signature_type": "Line",
        "source": "https://gitlab.com/gnutls/gnutls@1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
        "deprecated": false
    },
    {
        "id": "CVE-2025-9820-ef29652e",
        "signature_version": "v1",
        "target": {
            "file": "lib/pkcs11_write.c",
            "function": "gnutls_pkcs11_token_init"
        },
        "digest": {
            "function_hash": "129252198033229729266867875486069486085",
            "length": 734.0
        },
        "signature_type": "Function",
        "source": "https://gitlab.com/gnutls/gnutls@1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
        "deprecated": false
    }
]