Debian 11 gnutls28 Critical Denial Of Service CVE-2025-9820 DLA-4492-1

debian lts
February 25, 2026
GnuTLS faces critical security risks in Debian LTS that may cause Denial of Service. Learn more and upgrade now!
Vulnerabilities were found in GnuTLS, a portable library which implements the Transport Layer Security and Datagram Transport Layer Security protocols, which may lead to Denial of ...

Summary

CVE-2025-9820

An out-of-bounds write issue was discovered when a PKCS#11 token is
initialized with the `gnutls_pkcs11_token_init()` function and it is
passed a token label longer than 32 characters.
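
For callers that cannot upgrade immediately and pass externally supplied labels to `gnutls_pkcs11_token_init()`, the sketch below shows a caller-side length check. It is an added example, not code from GnuTLS or from this advisory; `make_token_label()` and `TOKEN_LABEL_LEN` are hypothetical names, and the blank-padded 32-byte layout follows the PKCS#11 token label convention.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: PKCS#11 token labels are fixed 32-byte, blank-padded fields. */
#define TOKEN_LABEL_LEN 32

/*
 * Hypothetical helper: validate a caller-supplied label and build the
 * blank-padded, fixed-width form. Returns 0 on success, -1 if the label
 * is NULL or longer than 32 characters. On failure `out` is not modified.
 */
int make_token_label(const char *label, unsigned char out[TOKEN_LABEL_LEN])
{
    size_t n = 0;

    if (label == NULL || out == NULL)
        return -1;

    /* Bounded scan: never reads past index 32 of the input. */
    while (n <= TOKEN_LABEL_LEN && label[n] != '\0')
        n++;
    if (n > TOKEN_LABEL_LEN)
        return -1; /* the over-long case described in CVE-2025-9820 */

    memset(out, ' ', TOKEN_LABEL_LEN);
    memcpy(out, label, n); /* n <= 32, so this stays inside `out` */
    return 0;
}

int main(void)
{
    /* Constructed sample labels: 8, 32 and 33 characters long. */
    const char *samples[] = {
        "my-token",
        "0123456789abcdef0123456789abcdef",
        "0123456789abcdef0123456789abcdefX",
    };
    unsigned char padded[TOKEN_LABEL_LEN];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = make_token_label(samples[i], padded);
        /* Only labels that pass would be handed on to
         * gnutls_pkcs11_token_init(token_url, so_pin, label). */
        printf("%-34s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The check does not replace the fixed package; it only keeps over-long labels from reaching an unpatched library.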

CVE-2025-14831

Tim Scheckenbach discovered that verifying specially crafted
malicious certificates containing a large number of name constraints
and subject alternative names (SANs) could lead to resource
exhaustion.

For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u9.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gnutls28

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity: critical

Package: gnutls28
Version: 3.7.1-5+deb11u9
CVE ID: CVE-2025-9820, CVE-2025-14831
Debian Bug: 1121146
