=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN823
_____________________________________________________________________

DATE                : 20/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GnuTLS versions prior to 3.8.11.

=====================================================================
https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
_____________________________________________________________________

GNUTLS-SA-2025-11-18                CVE-2025-9820

Severity Low; Stack write buffer overflow

When a PKCS#11 token is initialized with the gnutls_pkcs11_token_init
function and is passed a token label longer than 32 characters,
the function may write past the boundary of stack-allocated memory.
The issue was reported in the issue tracker as #1732.

Recommendation: Because the length limit is imposed by the PKCS#11
standard, the application should check for and reject labels
exceeding the limit, though this was unclear in the GnuTLS
documentation. If that is not feasible for some reason, we would
recommend upgrading GnuTLS to 3.8.11 or later. The issue
could also be effectively mitigated by compiling the library
with -D_FORTIFY_SOURCE=2.
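
One way an application can apply the recommended length check before calling the library (an added example, not code from GnuTLS or from this advisory). The error codes, the guarded_token_init wrapper, the stub and the sample URL and labels are constructed for illustration; the function-pointer type only mirrors the parameter list of gnutls_pkcs11_token_init so the example builds without GnuTLS.

```c
#include <stddef.h>
#include <stdio.h>
#define TOKEN_LABEL_MAX 32      /* PKCS#11 label field: 32 bytes */
#define LABEL_ERR_NULL  (-1)    /* error codes are this example's own */
#define LABEL_ERR_LONG  (-2)
/* Same parameter list as gnutls_pkcs11_token_init(); taken as a pointer
 * so the example builds without GnuTLS installed. */
typedef int (*token_init_fn)(const char *token_url, const char *so_pin,
                             const char *label);

/* Returns 0 if the label fits; counts bytes and never reads past
 * byte 33 of the input. */
int check_token_label(const char *label)
{
    if (label == NULL)
        return LABEL_ERR_NULL;
    for (size_t i = 0; i <= TOKEN_LABEL_MAX; i++)
        if (label[i] == '\0')
            return 0;
    return LABEL_ERR_LONG;
}

/* Rejects an over-long label before the library is called. */
int guarded_token_init(token_init_fn init, const char *token_url,
                       const char *so_pin, const char *label)
{
    int rc = check_token_label(label);
    return rc != 0 ? rc : init(token_url, so_pin, label);
}

/* Constructed stand-in for the real call; records whether it ran. */
static int stub_calls;
static int stub_init(const char *u, const char *p, const char *l)
{
    (void)u; (void)p; (void)l;
    stub_calls++;
    return 0;
}

int main(void)
{
    const char *url = "pkcs11:placeholder";                  /* constructed */
    const char *ok  = "0123456789abcdef0123456789abcdef";    /* 32 bytes */
    const char *bad = "0123456789abcdef0123456789abcdef!";   /* 33 bytes */
    printf("32-byte label: %d\n", guarded_token_init(stub_init, url, "so-pin", ok));
    printf("33-byte label: %d\n", guarded_token_init(stub_init, url, "so-pin", bad));
    printf("library calls: %d\n", stub_calls);
    return 0;
}
```

In a real application, pass gnutls_pkcs11_token_init itself as the first argument of guarded_token_init.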


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




