{"id":"USN-8502-1","summary":"gnutls28 vulnerabilities","details":"It was discovered that GnuTLS had a timing side-channel when processing\nmalformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker\ncould possibly use this issue to recover sensitive information. This\nissue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)\n\nBing Shi discovered that GnuTLS incorrectly handled decoding certain\nDER-encoded certificates. A remote attacker could possibly use this\nissue to cause GnuTLS to consume resources, leading to a denial of\nservice. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)\n\nLuigino Camastra discovered that GnuTLS incorrectly handled certain\nPKCS11 token labels. A remote attacker could use this issue to cause\nGnuTLS to crash, resulting in a denial of service, or possibly execute\narbitrary code. The default compiler options for affected releases\nshould reduce the vulnerability to a denial of service. (CVE-2025-9820)\n\nTim Scheckenbach discovered that GnuTLS incorrectly handled malicious\ncertificates containing a large number of name constraints and subject\nalternative names. A remote attacker could possibly use this issue to\ncause GnuTLS to consume resources, resulting in a denial of service.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2025-14831)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nhandle case-insensitive name constraints in certain cases. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-3833)\n\nJoshua Rogers discovered that GnuTLS did not properly handle very short\npremaster secrets in certain RSA key exchange cases with PKCS#11-backed\nserver keys. A remote attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2026-5260)\n\nJoshua Rogers discovered that GnuTLS did not properly handle malformed\nDTLS handshake fragments in certain cases. A remote attacker could\npossibly use this issue to obtain sensitive information, or cause a\ndenial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2026-33845)\n\nHaruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did\nnot properly validate DTLS handshake fragment lengths in certain cases.\nA remote attacker could possibly use this issue to cause GnuTLS to\ncrash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-33846)\n\nJoshua Rogers discovered that GnuTLS did not properly order DTLS packets\nwith duplicate sequence numbers in certain cases. A remote attacker\ncould possibly use this issue to cause GnuTLS to crash, resulting in a\ndenial of service. (CVE-2026-42009)\n\nJoshua Rogers discovered that GnuTLS did not properly handle usernames\ncontaining NUL characters in certain RSA-PSK configurations. A remote\nattacker could possibly use this issue to bypass authentication and gain\nunintended access to services. This issue only affected Ubuntu 20.04\nLTS. (CVE-2026-42010)","modified":"2026-07-06T20:44:29.015957909Z","published":"2026-07-06T13:37:09Z","related":["UBUNTU-CVE-2024-0553","UBUNTU-CVE-2024-12243","UBUNTU-CVE-2025-14831","UBUNTU-CVE-2025-9820","UBUNTU-CVE-2026-33845","UBUNTU-CVE-2026-33846","UBUNTU-CVE-2026-3833","UBUNTU-CVE-2026-42009","UBUNTU-CVE-2026-42010","UBUNTU-CVE-2026-5260"],"upstream":["CVE-2024-0553","CVE-2024-12243","CVE-2025-14831","CVE-2025-9820","CVE-2026-33845","CVE-2026-33846","CVE-2026-3833","CVE-2026-42009","CVE-2026-42010","CVE-2026-5260","UBUNTU-CVE-2024-0553","UBUNTU-CVE-2024-12243","UBUNTU-CVE-2025-14831","UBUNTU-CVE-2025-9820","UBUNTU-CVE-2026-33845","UBUNTU-CVE-2026-33846","UBUNTU-CVE-2026-3833","UBUNTU-CVE-2026-42009","UBUNTU-CVE-2026-42010","UBUNTU-CVE-2026-5260"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8502-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-0553"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-12243"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-9820"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-14831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-5260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33845"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42009"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42010"}],"affected":[{"package":{"name":"gnutls28","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.10-4ubuntu1.9+esm3"}]}],"versions":["3.3.15-5ubuntu2","3.3.18-1ubuntu1","3.3.20-1ubuntu1","3.4.9-2ubuntu1","3.4.10-4ubuntu1","3.4.10-4ubuntu1.1","3.4.10-4ubuntu1.2","3.4.10-4ubuntu1.3","3.4.10-4ubuntu1.4","3.4.10-4ubuntu1.5","3.4.10-4ubuntu1.6","3.4.10-4ubuntu1.7","3.4.10-4ubuntu1.8","3.4.10-4ubuntu1.9","3.4.10-4ubuntu1.9+esm1","3.4.10-4ubuntu1.9+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"gnutls-bin","binary_version":"3.4.10-4ubuntu1.9+esm3"},{"binary_name":"guile-gnutls","binary_version":"3.4.10-4ubuntu1.9+esm3"},{"binary_name":"libgnutls-openssl27","binary_version":"3.4.10-4ubuntu1.9+esm3"},{"binary_name":"libgnutls30","binary_version":"3.4.10-4ubuntu1.9+esm3"},{"binary_name":"libgnutlsxx28","binary_version":"3.4.10-4ubuntu1.9+esm3"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8502-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2025-9820"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-3833"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-33846"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-42009"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.18-1ubuntu1.6+esm3"}]}],"versions":["3.5.8-6ubuntu3","3.5.17-1ubuntu1","3.5.17-1ubuntu3","3.5.18-1ubuntu1","3.5.18-1ubuntu1.1","3.5.18-1ubuntu1.2","3.5.18-1ubuntu1.3","3.5.18-1ubuntu1.4","3.5.18-1ubuntu1.5","3.5.18-1ubuntu1.6","3.5.18-1ubuntu1.6+esm1","3.5.18-1ubuntu1.6+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"gnutls-bin","binary_version":"3.5.18-1ubuntu1.6+esm3"},{"binary_name":"libgnutls-dane0","binary_version":"3.5.18-1ubuntu1.6+esm3"},{"binary_name":"libgnutls-openssl27","binary_version":"3.5.18-1ubuntu1.6+esm3"},{"binary_name":"libgnutls30","binary_version":"3.5.18-1ubuntu1.6+esm3"},{"binary_name":"libgnutlsxx28","binary_version":"3.5.18-1ubuntu1.6+esm3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8502-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-0553"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-12243"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2025-9820"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-14831"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-3833"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-5260"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-33846"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-42009"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.13-2ubuntu1.12+esm2"}]}],"versions":["3.6.9-5ubuntu1","3.6.9-5ubuntu2","3.6.10-5","3.6.11.1-2","3.6.11.1-2ubuntu2","3.6.13-2ubuntu1","3.6.13-2ubuntu1.1","3.6.13-2ubuntu1.2","3.6.13-2ubuntu1.3","3.6.13-2ubuntu1.6","3.6.13-2ubuntu1.7","3.6.13-2ubuntu1.8","3.6.13-2ubuntu1.9","3.6.13-2ubuntu1.10","3.6.13-2ubuntu1.11","3.6.13-2ubuntu1.12","3.6.13-2ubuntu1.12+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"gnutls-bin","binary_version":"3.6.13-2ubuntu1.12+esm2"},{"binary_name":"guile-gnutls","binary_version":"3.6.13-2ubuntu1.12+esm2"},{"binary_name":"libgnutls-dane0","binary_version":"3.6.13-2ubuntu1.12+esm2"},{"binary_name":"libgnutls-openssl27","binary_version":"3.6.13-2ubuntu1.12+esm2"},{"binary_name":"libgnutls30","binary_version":"3.6.13-2ubuntu1.12+esm2"},{"binary_name":"libgnutlsxx28","binary_version":"3.6.13-2ubuntu1.12+esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8502-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2025-9820"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-14831"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-3833"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-5260"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-33845"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-33846"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-42009"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-42010"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}}],"schema_version":"1.7.5"}