https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 reports:
GNUTLS-SA-2025-11-18
CVE-2025-9820
Severity Low; Stack write buffer overflow
When a PKCS#11 token is initialized with gnutls_pkcs11_token_init function and
it is passed a token label longer than 32 characters, it may write past the
boundary of stack allocated memory. The issue was reported in the issue tracker
as #1732. <https://gitlab.com/gnutls/gnutls/-/issues/1732>
Recommendation: Given the length limit is imposed by the PKCS#11 standard,
the application should check and reject longer label exceeding the limit,
though this was unclear in the GnuTLS documentation. If it is not feasible for
some reason, we would recommend upgrading GnuTLS to 3.8.11 or later versions.
The issue could also be effectively mitigated if you compile the library with
-D_FORTIFY_SOURCE=2.
-------- Forwarded Message --------
Subject: gnutls 3.8.11 released
Date: Thu, 20 Nov 2025 11:57:06 +0900
From: Daiki Ueno <[email protected]>
To: [email protected]
CC: [email protected]
Hello,
We have just released gnutls-3.8.11. This is a bug fix, security and
enhancement release on the 3.8.x branch.
We would like to thank everyone who contributed in this release:
Alexander Sosedkin, Alistair Francis, chenjianhu, Daiki Ueno, Daniel
P. Berrangé, David Dudas, fundawang, Hannes Reinecke, Jiasheng Jiang,
Karthik Das, Maxim Cournoyer, Samuel Zeter, Wilfred Mallawa, and Zoltan
Fridrich.
The detailed list of changes follows:
* Version 3.8.11 (released 2025-11-18)
** libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init
Reported by Luigino Camastra from Aisle Research. [GNUTLS-SA-2025-11-18,
CVSS: low] [CVE-2025-9820]
** libgnutls: MAC algorithms for PSK binders is now configurable
The previous implementation assumed HMAC-SHA256 to calculate the
PSK binders. With the new gnutls_psk_allocate_client_credentials2()
and gnutls_psk_allocate_server_credentials2() functions, the
application can use other MAC algorithms such as HMAC-SHA384.
** libgnutls: Expose a new function to provide the maximum record send size
A new function gnutls_record_get_max_send_size() has been added to
determine the maximum size of a TLS record to be sent to the peer.
** libgnutls: Expose a new function to update keys without sending a KeyUpdate
to the peer. A new function gnutls_handshake_update_receiving_key()
has been added to allow updating the local receiving key without
sending any KeyUpdate messages.
** libgnutls: PKCS#11 cryptographic provider configuration takes a token URI
instead of a module path. To allow using a PKCS#11 module exposing
multiple tokens, the "path" configuration keyword was replaced with
the "url" keyword.
** libgnutls: Support crypto-auditing probe points
crypto-auditing is a project to monitor which cryptographic
operations are taking place in the library at run time, through
eBPF. This adds necessary probe points for that, in public key
cryptography and the TLS use-case. To enable this, run configure
with --enable-crypto-auditing.
** build: The minimum version of Nettle has been updated to 3.10
Given Nettle 3.10 is ABI compatible with 3.6 and includes several
security relevant fixes, the library's minimum requirement of
Nettle is updated to 3.10.
** build: The default priority file path is now constructed from sysconfdir
Previously, the location of the default priority file was
hard-coded to be /etc/gnutls/config. Now it takes into account of
the --sysconfdir option given to the configure script.
** API and ABI modifications:
gnutls_psk_allocate_client_credentials2: New function
gnutls_psk_allocate_server_credentials2: New function
gnutls_record_get_max_send_size: New function
gnutls_handshake_update_receiving_key: New function
gnutls_audit_push_context: New function
gnutls_audit_pop_context: New function
gnutls_audit_current_context: New function
Getting the Software
================
GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html
Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.11.tar.xz
Here are OpenPGP detached signatures signed using key:
462225C3B46F34879FC8496CD605848ED7E69871
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.11.tar.xz.sig
Note that it has been signed with my openpgp key:
pub rsa4096 2009-07-23 [SC] [expires: 2026-06-29]
462225C3B46F34879FC8496CD605848ED7E69871
uid [ultimate] Daiki Ueno <[email protected]>
uid [ultimate] Daiki Ueno <[email protected]>
sub rsa4096 2010-02-04 [E]
Regards,
--
Daiki Ueno
