GnuTLS: Data Theft and Crash Risks Due to Security Flaws

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

GnuTLS: Data Theft and Crash Risks Due to Security Flaws

RLSA-2026:5585

Summary

GnuTLS, a library used by many applications to secure online communications, has two security issues that could allow hackers to steal sensitive information or crash software, potentially leading to data breaches. Affected systems should be updated with the latest security patches as soon as possible to prevent these risks.

What to do

Update gnutls to version 0:3.6.16-8.el8_10.5.

Affected software

Vendor	Product	Affected versions	Fix available
–	gnutls	<= 0:3.6.16-8.el8_10.5	0:3.6.16-8.el8_10.5

Original title

Moderate: gnutls security update

Original description

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820)

* gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

osv CVSS3.1 5.3

https://errata.rockylinux.org/RLSA-2026:5585 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2392528 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2423177 Third Party Advisory

Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026