CVE-2025-9820: Stack-based Buffer Overflow in Red Hat Red Hat Enterprise Linux 10
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
AI Analysis
Technical Summary
A stack-based buffer overflow exists in the gnutls_pkcs11_token_init() function of the GnuTLS library in Red Hat Enterprise Linux 10. When a PKCS#11 token label exceeding expected length is processed, the function writes beyond the allocated stack buffer, causing memory corruption. This flaw can cause the application using GnuTLS to crash or, under certain conditions, be exploited for local code execution or privilege escalation. The vulnerability has been assigned CVE-2025-9820 with a CVSS v3.1 base score of 4.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Red Hat has issued security advisories RHSA-2026:3477 and RHSA-2026:13812 providing updated GnuTLS packages and container images that include patches for this issue. The updates cover multiple architectures and related Red Hat products including OpenShift Container Platform. No known exploits in the wild have been reported.
Potential Impact
The vulnerability can cause denial of service through application crashes and may allow local privilege escalation or code execution under specific conditions. The CVSS score of 4.0 reflects a medium severity impact with local attack vector and no confidentiality or integrity impact. Systems running vulnerable versions of GnuTLS on Red Hat Enterprise Linux 10 or affected container images are at risk until patched. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released official patches for GnuTLS in Red Hat Enterprise Linux 10 and updated RHEL-8 based Middleware Containers images that address CVE-2025-9820. Users should apply the updated packages (gnutls-3.8.10-3.el10_1 or later) available from Red Hat repositories and rebuild any dependent container images using the updated base images from the Red Hat Container Registry. Detailed update instructions are provided in Red Hat advisories RHSA-2026:3477 and RHSA-2026:13812. Applying these updates fully mitigates the vulnerability. No additional action is required beyond applying the vendor-provided patches.
CVE-2025-9820: Stack-based Buffer Overflow in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A stack-based buffer overflow exists in the gnutls_pkcs11_token_init() function of the GnuTLS library in Red Hat Enterprise Linux 10. When a PKCS#11 token label exceeding expected length is processed, the function writes beyond the allocated stack buffer, causing memory corruption. This flaw can cause the application using GnuTLS to crash or, under certain conditions, be exploited for local code execution or privilege escalation. The vulnerability has been assigned CVE-2025-9820 with a CVSS v3.1 base score of 4.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Red Hat has issued security advisories RHSA-2026:3477 and RHSA-2026:13812 providing updated GnuTLS packages and container images that include patches for this issue. The updates cover multiple architectures and related Red Hat products including OpenShift Container Platform. No known exploits in the wild have been reported.
Potential Impact
The vulnerability can cause denial of service through application crashes and may allow local privilege escalation or code execution under specific conditions. The CVSS score of 4.0 reflects a medium severity impact with local attack vector and no confidentiality or integrity impact. Systems running vulnerable versions of GnuTLS on Red Hat Enterprise Linux 10 or affected container images are at risk until patched. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released official patches for GnuTLS in Red Hat Enterprise Linux 10 and updated RHEL-8 based Middleware Containers images that address CVE-2025-9820. Users should apply the updated packages (gnutls-3.8.10-3.el10_1 or later) available from Red Hat repositories and rebuild any dependent container images using the updated base images from the Red Hat Container Registry. Detailed update instructions are provided in Red Hat advisories RHSA-2026:3477 and RHSA-2026:13812. Applying these updates fully mitigates the vulnerability. No additional action is required beyond applying the vendor-provided patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-09-02T07:22:32.478Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:3477","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:4188","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:4655","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:4943","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:5585","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:5606","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:7329","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:7477","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9820","vendor":"Red Hat"}]
Threat ID: 6977c9254623b1157cb7b5cb
Added to database: 1/26/2026, 8:05:57 PM
Last enriched: 5/6/2026, 1:40:08 AM
Last updated: 5/10/2026, 12:07:15 AM
Views: 159
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.