NIXPKGS-2026-1340

GitHub issue published 1 month, 3 weeks ago

Permalink CVE-2025-9820

4.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 5 months ago
@LeSuisse ignored
3 packages
- guile-gnutls
- python312Packages.python3-gnutls
- python313Packages.python3-gnutls
4 months, 2 weeks ago
@LeSuisse ignored maintainer @vcunat 1 month, 3 weeks ago maintainer.ignore
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.