CVE-2025-9820
Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function
CVSS Score
4.0
EPSS Score
0.0%
EPSS Percentile
3th
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
| CWE | CWE-121 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Jan 26, 2026 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Ceph Storage 8
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Insights proxy 1.5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Hardened Images
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3477 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4188 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4655 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4943 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5585 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5606 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7329 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-9820 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2392528 gitlab.com: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 gitlab.com: https://gitlab.com/gnutls/gnutls/-/issues/1732 gnutls.org: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 openwall.com: http://www.openwall.com/lists/oss-security/2025/11/20/2