Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification

Description

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
canonical	ubuntu linux	cert_advisory	90%
debian	debian linux	cert_advisory	90%
fedora	fedora linux	cert_advisory	90%
open source	gnutls	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%

References

https://access.redhat.com/errata/RHSA-2026:3477(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:4188(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:4655(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:4943(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:5585(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:5606(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:6618(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:6630(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2025-14831(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2423177(issue-tracking, x_refsource_REDHAT)
https://gitlab.com/gnutls/gnutls/-/issues/1773

Related News (1 articles)

Tier B

BSI Advisories5d ago

[UPDATE] [mittel] GnuTLS: Mehrere Schwachstellen ermöglichen Denial of Service

→ No new info (linked only)

CVSS 3.15.3 NONE

EPSS0.00(Top 79%)

CISA KEV❌ No

Actively exploited❌ No

Patch available

0:3.8.10-3.el10_10:3.6.16-8.el8_10.50:3.8.3-10.el9_70:3.8.3-6.el9_6.3sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7fsha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778

CWECWE-407

PublishedFeb 9, 2026

Last enriched4d ago

Trending Score15

Source articles1

Independent1

Info Completeness6/14

Missing: vendor, product, versions, kev, exploit, patch, iocs, mitre_attack