CVE-2025-9820
Publication date 26 January 2026
Last updated 6 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
Read the notes from the security team
Why is this CVE low priority?
GnuTLS developers have rated this to be low severity
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gnutls28 | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Fixed 3.8.9-3ubuntu2.1
|
|
| 24.04 LTS noble |
Fixed 3.8.3-1.1ubuntu3.5
|
|
| 22.04 LTS jammy |
Fixed 3.7.3-4ubuntu1.8
|
|
| 20.04 LTS focal |
Fixed 3.6.13-2ubuntu1.12+esm2
|
|
| 18.04 LTS bionic |
Fixed 3.5.18-1ubuntu1.6+esm3
|
|
| 16.04 LTS xenial |
Fixed 3.4.10-4ubuntu1.9+esm3
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialNotes
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.0 · Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
Related Ubuntu Security Notices (USN)
- USN-8043-1
- GnuTLS vulnerabilities
- 16 February 2026
- USN-8502-1
- GnuTLS vulnerabilities
- 6 July 2026