{"id":"USN-8043-1","summary":"gnutls28 vulnerabilities","details":"Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious\ncertificates containing a large number of name constraints and subject\nalternative names. A remote attacker could possibly use this issue to\ncause GnuTLS to consume resources, resulting in a denial of service.\n(CVE-2025-14831)\n\nLuigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11\ntoken labels. A remote attacker could use this issue to cause GnuTLS to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. (CVE-2025-9820)","modified":"2026-02-17T22:00:37.652199Z","published":"2026-02-16T13:53:33Z","related":["UBUNTU-CVE-2025-14831","UBUNTU-CVE-2025-9820"],"upstream":["CVE-2025-14831","CVE-2025-9820","UBUNTU-CVE-2025-14831","UBUNTU-CVE-2025-9820"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8043-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-9820"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-14831"}],"affected":[{"package":{"name":"gnutls28","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.8?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-4ubuntu1.8"}]}],"versions":["3.7.1-5ubuntu1","3.7.2-2ubuntu1","3.7.2-4ubuntu1","3.7.2-5ubuntu1","3.7.3-4ubuntu1","3.7.3-4ubuntu1.1","3.7.3-4ubuntu1.2","3.7.3-4ubuntu1.3","3.7.3-4ubuntu1.4","3.7.3-4ubuntu1.5","3.7.3-4ubuntu1.6","3.7.3-4ubuntu1.7"],"ecosystem_specific":{"binaries":[{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"gnutls-bin"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"guile-gnutls"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"libgnutls-dane0"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"libgnutls-openssl27"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"libgnutls28-dev"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"libgnutls30"},{"binary_version":"3.7.3-4ubuntu1.8","binary_name":"libgnutlsxx28"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8043-1.json","cves_map":{"cves":[{"id":"CVE-2025-9820","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-14831","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/gnutls28@3.8.3-1.1ubuntu3.5?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.3-1.1ubuntu3.5"}]}],"versions":["3.8.1-4ubuntu1","3.8.1-4ubuntu6","3.8.1-4ubuntu7","3.8.3-1ubuntu1","3.8.3-1.1ubuntu2","3.8.3-1.1ubuntu3","3.8.3-1.1ubuntu3.1","3.8.3-1.1ubuntu3.2","3.8.3-1.1ubuntu3.3","3.8.3-1.1ubuntu3.4"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.3-1.1ubuntu3.5","binary_name":"gnutls-bin"},{"binary_version":"3.8.3-1.1ubuntu3.5","binary_name":"libgnutls-dane0t64"},{"binary_version":"3.8.3-1.1ubuntu3.5","binary_name":"libgnutls-openssl27t64"},{"binary_version":"3.8.3-1.1ubuntu3.5","binary_name":"libgnutls28-dev"},{"binary_version":"3.8.3-1.1ubuntu3.5","binary_name":"libgnutls30t64"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8043-1.json","cves_map":{"cves":[{"id":"CVE-2025-9820","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-14831","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/gnutls28@3.8.9-3ubuntu2.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.9-3ubuntu2.1"}]}],"versions":["3.8.9-2ubuntu3","3.8.9-3ubuntu1","3.8.9-3ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.9-3ubuntu2.1","binary_name":"gnutls-bin"},{"binary_version":"3.8.9-3ubuntu2.1","binary_name":"libgnutls-dane0t64"},{"binary_version":"3.8.9-3ubuntu2.1","binary_name":"libgnutls-openssl27t64"},{"binary_version":"3.8.9-3ubuntu2.1","binary_name":"libgnutls28-dev"},{"binary_version":"3.8.9-3ubuntu2.1","binary_name":"libgnutls30t64"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8043-1.json","cves_map":{"cves":[{"id":"CVE-2025-9820","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-14831","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}}],"schema_version":"1.7.3"}