DEBIAN-CVE-2025-9820
PUBLISHED
CVSS 4 MEDIUM
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When the caller passes a token label longer than the fixed-size stack buffer it is copied into, the function writes past the end of that buffer. This stack-based out-of-bounds write can crash the application using GnuTLS or, under certain conditions, be exploited for code execution, so systems and applications relying on GnuTLS may be exposed to denial of service or local privilege escalation. Reaching the bug requires control over the label string an application hands to that call, and the CVSS 3.1 vector recorded below (local access, no privileges, availability impact only) scores the crash rather than the code-execution scenario.
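The pattern the description refers to, shown as an added illustration rather than GnuTLS code or the upstream fix: a caller-supplied label is copied into a fixed 32-byte stack buffer (PKCS#11 defines CK_TOKEN_INFO.label as 32 space-padded bytes, which is the only assumption carried over from the specification) without first checking its length, beside a hardened copy that measures, refuses overlong input and only then writes. The function names and the sample labels are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* PKCS#11 (Cryptoki) defines CK_TOKEN_INFO.label as a 32-byte,
 * space-padded field that is not NUL-terminated. */
#define TOKEN_LABEL_LEN 32

/* Vulnerable pattern (hypothetical, illustrating the advisory's description):
 * the label is copied into a fixed-size stack buffer using its own length,
 * so any label longer than TOKEN_LABEL_LEN overwrites whatever sits above
 * `padded` on the stack. Never call this with an overlong label. */
void copy_label_unchecked(const char *label, char out[TOKEN_LABEL_LEN])
{
    char padded[TOKEN_LABEL_LEN];
    memset(padded, ' ', sizeof(padded));
    memcpy(padded, label, strlen(label));   /* unbounded: overflows if strlen > 32 */
    memcpy(out, padded, sizeof(padded));
}

/* Hardened version: measure first, reject anything that does not fit, then
 * copy exactly the measured bytes and space-pad the remainder.
 * Returns 0 on success, -1 (leaving `out` untouched) if the label is too long. */
int copy_label_checked(const char *label, char out[TOKEN_LABEL_LEN])
{
    size_t len = strlen(label);
    if (len > TOKEN_LABEL_LEN)
        return -1;
    memset(out, ' ', TOKEN_LABEL_LEN);
    memcpy(out, label, len);
    return 0;
}

/* Demo helper: length of the label before the trailing space padding. */
size_t label_content_len(const char out[TOKEN_LABEL_LEN])
{
    size_t n = TOKEN_LABEL_LEN;
    while (n > 0 && out[n - 1] == ' ')
        n--;
    return n;
}

int main(void)
{
    char out[TOKEN_LABEL_LEN];
    /* Constructed inputs: a label that fits and one that does not. */
    const char *ok_label = "my-token";
    const char *long_label =
        "this label is far longer than the thirty-two bytes pkcs11 allows";

    if (copy_label_checked(ok_label, out) == 0)
        printf("accepted %zu-byte label, padded to %d bytes\n",
               label_content_len(out), TOKEN_LABEL_LEN);
    if (copy_label_checked(long_label, out) != 0)
        printf("rejected %zu-byte label: exceeds %d bytes\n",
               strlen(long_label), TOKEN_LABEL_LEN);
    return 0;
}
```

The difference between the two functions is the single length comparison before the copy; the checked variant also avoids the intermediate stack buffer entirely, so there is nothing for an overlong label to overwrite even if a later change removed the check. Whether the GnuTLS function chooses to reject or truncate an overlong label is up to the upstream fix; the point here is that the decision is made before any byte is written.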
Risk Scores
- CVSS 3.1 base score: 4.0 (Medium)
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | gnutls28 | 3.7.1-5, 0, 3.7.1-5+deb11u7 |
| Debian:13 | gnutls28 | 0, 3.8.9-3, 0 |
| Debian:14 | gnutls28 | 3.8.9-3, 3.8.10-1, 3.8.10-2 |
| Debian:12 | gnutls28 | 0, 3.7.9-2, 3.7.9-2 |
Exploit Intelligence
- 4628.1.0.yml (github-poc)
- version.py (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
- ghost_report_20260112_182220.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260112_182638.json (github-poc)
Timeline
- Jan 26, 2026 CVE Published
- Apr 28, 2026 CVE Updated