usn-8502-1
Vulnerability from osv_ubuntu
Published
2026-07-06 13:37
Modified
2026-07-06 13:37
Summary
gnutls28 vulnerabilities
Details

It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)

Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)

Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820)

Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-14831)

Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-3833)

Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-5260)

Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-33845)

Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did not properly validate DTLS handshake fragment lengths in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-33846)

Joshua Rogers discovered that GnuTLS did not properly order DTLS packets with duplicate sequence numbers in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. (CVE-2026-42009)

Joshua Rogers discovered that GnuTLS did not properly handle usernames containing NUL characters in certain RSA-PSK configurations. A remote attacker could possibly use this issue to bypass authentication and gain unintended access to services. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-42010)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2025-9820",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-3833",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-33846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-42009",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "gnutls-bin",
            "binary_version": "3.4.10-4ubuntu1.9+esm3"
          },
          {
            "binary_name": "guile-gnutls",
            "binary_version": "3.4.10-4ubuntu1.9+esm3"
          },
          {
            "binary_name": "libgnutls-openssl27",
            "binary_version": "3.4.10-4ubuntu1.9+esm3"
          },
          {
            "binary_name": "libgnutls30",
            "binary_version": "3.4.10-4ubuntu1.9+esm3"
          },
          {
            "binary_name": "libgnutlsxx28",
            "binary_version": "3.4.10-4ubuntu1.9+esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "gnutls28",
        "purl": "pkg:deb/ubuntu/gnutls28@3.4.10-4ubuntu1.9+esm3?arch=source\u0026distro=esm-infra-legacy/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.10-4ubuntu1.9+esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.3.15-5ubuntu2",
        "3.3.18-1ubuntu1",
        "3.3.20-1ubuntu1",
        "3.4.9-2ubuntu1",
        "3.4.10-4ubuntu1",
        "3.4.10-4ubuntu1.1",
        "3.4.10-4ubuntu1.2",
        "3.4.10-4ubuntu1.3",
        "3.4.10-4ubuntu1.4",
        "3.4.10-4ubuntu1.5",
        "3.4.10-4ubuntu1.6",
        "3.4.10-4ubuntu1.7",
        "3.4.10-4ubuntu1.8",
        "3.4.10-4ubuntu1.9",
        "3.4.10-4ubuntu1.9+esm1",
        "3.4.10-4ubuntu1.9+esm2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2024-0553",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-12243",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-9820",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-14831",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-3833",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-5260",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-33846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-42009",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "gnutls-bin",
            "binary_version": "3.5.18-1ubuntu1.6+esm3"
          },
          {
            "binary_name": "libgnutls-dane0",
            "binary_version": "3.5.18-1ubuntu1.6+esm3"
          },
          {
            "binary_name": "libgnutls-openssl27",
            "binary_version": "3.5.18-1ubuntu1.6+esm3"
          },
          {
            "binary_name": "libgnutls30",
            "binary_version": "3.5.18-1ubuntu1.6+esm3"
          },
          {
            "binary_name": "libgnutlsxx28",
            "binary_version": "3.5.18-1ubuntu1.6+esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "gnutls28",
        "purl": "pkg:deb/ubuntu/gnutls28@3.5.18-1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.18-1ubuntu1.6+esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.5.8-6ubuntu3",
        "3.5.17-1ubuntu1",
        "3.5.17-1ubuntu3",
        "3.5.18-1ubuntu1",
        "3.5.18-1ubuntu1.1",
        "3.5.18-1ubuntu1.2",
        "3.5.18-1ubuntu1.3",
        "3.5.18-1ubuntu1.4",
        "3.5.18-1ubuntu1.5",
        "3.5.18-1ubuntu1.6",
        "3.5.18-1ubuntu1.6+esm1",
        "3.5.18-1ubuntu1.6+esm2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2025-9820",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-14831",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-3833",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-5260",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-33845",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-33846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-42009",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-42010",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "gnutls-bin",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          },
          {
            "binary_name": "guile-gnutls",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          },
          {
            "binary_name": "libgnutls-dane0",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          },
          {
            "binary_name": "libgnutls-openssl27",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          },
          {
            "binary_name": "libgnutls30",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          },
          {
            "binary_name": "libgnutlsxx28",
            "binary_version": "3.6.13-2ubuntu1.12+esm2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "gnutls28",
        "purl": "pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.12+esm2?arch=source\u0026distro=esm-infra/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.13-2ubuntu1.12+esm2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.6.9-5ubuntu1",
        "3.6.9-5ubuntu2",
        "3.6.10-5",
        "3.6.11.1-2",
        "3.6.11.1-2ubuntu2",
        "3.6.13-2ubuntu1",
        "3.6.13-2ubuntu1.1",
        "3.6.13-2ubuntu1.2",
        "3.6.13-2ubuntu1.3",
        "3.6.13-2ubuntu1.6",
        "3.6.13-2ubuntu1.7",
        "3.6.13-2ubuntu1.8",
        "3.6.13-2ubuntu1.9",
        "3.6.13-2ubuntu1.10",
        "3.6.13-2ubuntu1.11",
        "3.6.13-2ubuntu1.12",
        "3.6.13-2ubuntu1.12+esm1"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that GnuTLS had a timing side-channel when processing\nmalformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker\ncould possibly use this issue to recover sensitive information. This\nissue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)\n\nBing Shi discovered that GnuTLS incorrectly handled decoding certain\nDER-encoded certificates. A remote attacker could possibly use this\nissue to cause GnuTLS to consume resources, leading to a denial of\nservice. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)\n\nLuigino Camastra discovered that GnuTLS incorrectly handled certain\nPKCS11 token labels. A remote attacker could use this issue to cause\nGnuTLS to crash, resulting in a denial of service, or possibly execute\narbitrary code. The default compiler options for affected releases\nshould reduce the vulnerability to a denial of service. (CVE-2025-9820)\n\nTim Scheckenbach discovered that GnuTLS incorrectly handled malicious\ncertificates containing a large number of name constraints and subject\nalternative names. A remote attacker could possibly use this issue to\ncause GnuTLS to consume resources, resulting in a denial of service.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2025-14831)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nhandle case-insensitive name constraints in certain cases. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-3833)\n\nJoshua Rogers discovered that GnuTLS did not properly handle very short\npremaster secrets in certain RSA key exchange cases with PKCS#11-backed\nserver keys. A remote attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2026-5260)\n\nJoshua Rogers discovered that GnuTLS did not properly handle malformed\nDTLS handshake fragments in certain cases. A remote attacker could\npossibly use this issue to obtain sensitive information, or cause a\ndenial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2026-33845)\n\nHaruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did\nnot properly validate DTLS handshake fragment lengths in certain cases.\nA remote attacker could possibly use this issue to cause GnuTLS to\ncrash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-33846)\n\nJoshua Rogers discovered that GnuTLS did not properly order DTLS packets\nwith duplicate sequence numbers in certain cases. A remote attacker\ncould possibly use this issue to cause GnuTLS to crash, resulting in a\ndenial of service. (CVE-2026-42009)\n\nJoshua Rogers discovered that GnuTLS did not properly handle usernames\ncontaining NUL characters in certain RSA-PSK configurations. A remote\nattacker could possibly use this issue to bypass authentication and gain\nunintended access to services. This issue only affected Ubuntu 20.04\nLTS. (CVE-2026-42010)",
  "id": "USN-8502-1",
  "modified": "2026-07-06T13:37:09Z",
  "published": "2026-07-06T13:37:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-8502-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-0553"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-12243"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-9820"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-14831"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-3833"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-5260"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-33845"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-33846"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-42009"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-42010"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "gnutls28 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2024-0553",
    "UBUNTU-CVE-2024-12243",
    "UBUNTU-CVE-2025-9820",
    "UBUNTU-CVE-2025-14831",
    "UBUNTU-CVE-2026-3833",
    "UBUNTU-CVE-2026-5260",
    "UBUNTU-CVE-2026-33845",
    "UBUNTU-CVE-2026-33846",
    "UBUNTU-CVE-2026-42009",
    "UBUNTU-CVE-2026-42010"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…