CNNVD-202601-4333 Information

CNNVD ID

CNNVD-202601-4333

CVE-2025-9820

  • CNNVD Published: 2026-01-26

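Description (Chinese, translated)

GnuTLS is a free, open-source secure communications library from the GnuTLS project that implements the SSL, TLS and DTLS protocols. GnuTLS contains a security vulnerability that stems from a stack buffer overflow in the gnutls_pkcs11_token_init function, which may lead to denial of service or local privilege escalation.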

Description (English)

GnuTLS is a free secure communications library that implements the SSL, TLS and DTLS protocols. GnuTLS contains a security vulnerability caused by a stack buffer overflow in the gnutls_pkcs11_token_init function, which may lead to denial of service or local privilege escalation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

gnutls

Published

2026-01-26

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-9820
  • https://bugzilla.redhat.com/show_bug.cgi?id=2392528
  • https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
  • https://gitlab.com/gnutls/gnutls/-/issues/1732
  • https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
  • http://www.openwall.com/lists/oss-security/2025/11/20/2
