| Package | gnutls28 |
|---|---|
| Version | 3.5.8-5+deb9u10 (stretch), 3.6.7-4+deb10u15 (buster) |
| Related CVEs | CVE-2025-9820 CVE-2025-14831 |

Vulnerabilities were found in GnuTLS, a portable library which implements the Transport Layer Security and Datagram Transport Layer Security protocols, which may lead to Denial of Service.

- CVE-2025-9820

  An out-of-bounds write issue was discovered when a PKCS#11 token is initialized with the `gnutls_pkcs11_token_init()` function and it is passed a token label longer than 32 characters.

- CVE-2025-14831

  Tim Scheckenbach discovered that verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) could lead to resource exhaustion.
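
For CVE-2025-9820, a caller-side guard that can run before a label is handed to `gnutls_pkcs11_token_init()`. This is an added example, not code from GnuTLS or from this advisory: `build_token_label` and `TOKEN_LABEL_LEN` are hypothetical names, the sample labels are constructed, and it assumes the PKCS#11 convention of a fixed 32-byte, blank-padded token label field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#11 stores a token label in a fixed 32-byte, blank-padded field
 * (no terminating NUL). */
#define TOKEN_LABEL_LEN 32

/* Hypothetical helper (not a GnuTLS function): copy `label` into the
 * fixed-size field, padding with spaces. Returns 0 on success, -1 if the
 * label is missing or does not fit; `out` is left untouched on failure. */
int build_token_label(const char *label, unsigned char out[TOKEN_LABEL_LEN])
{
    size_t n = 0;

    if (label == NULL || out == NULL)
        return -1;

    /* Bounded length scan: stop as soon as the label is known to be too long. */
    while (label[n] != '\0') {
        if (++n > TOKEN_LABEL_LEN)
            return -1;
    }

    memset(out, ' ', TOKEN_LABEL_LEN);
    memcpy(out, label, n);   /* n <= TOKEN_LABEL_LEN, so this stays in bounds */
    return 0;
}

int main(void)
{
    /* Constructed sample labels: 8, 32 and 33 characters. */
    const char *samples[] = {
        "my-token",
        "0123456789abcdef0123456789abcdef",
        "0123456789abcdef0123456789abcdefX",
    };
    unsigned char field[TOKEN_LABEL_LEN];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (build_token_label(samples[i], field) == 0)
            printf("ok       [%.*s]\n", TOKEN_LABEL_LEN, (const char *)field);
        else
            printf("rejected label of %zu characters\n", strlen(samples[i]));
    }
    return 0;
}
```

A guard like this only keeps over-long labels away from an unpatched library; the fixed package versions listed in this advisory are still what to install.
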

For Debian 10 buster, these problems have been fixed in version 3.6.7-4+deb10u15.

For Debian 9 stretch, these problems have been fixed in version 3.5.8-5+deb9u10.

We recommend that you upgrade your gnutls28 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.