GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec
CVE-2025-9820 Published on January 26, 2026
Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
Vulnerability Analysis
CVE-2025-9820 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Timeline
Reported to Red Hat.
Made public. 77 days later.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2025-9820 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2025-9820
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-9820 are published in these products:
Affected Versions
Red Hat Enterprise Linux 10:- Version 0:3.8.10-3.el10_1 and below * is unaffected.
- Version 0:3.8.3-10.el9_7 and below * is unaffected.
- Version 0:3.8.3-10.el9_7 and below * is unaffected.
- Version sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8 and below * is unaffected.
- Version sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524 and below * is unaffected.
- Version sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3 and below * is unaffected.
- Version sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f and below * is unaffected.
- Version sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.