CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

USN-8502-1: GnuTLS vulnerabilities

unknownCVE-2024-0553CVE-2024-12243CVE-2025-9820CVE-2025-14831CVE-2026-3833CVE-2026-5260
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553) Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243) Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820) Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-14831) Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-3833) Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-5260) Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to ob

CSIRTS triage

What
Multiple vulnerabilities could lead to information disclosure, denial of service, or arbitrary code execution.
Who is affected
Users of GnuTLS on Ubuntu 18.04 LTS.
Urgency
Remediation is important due to the severity of the vulnerabilities.
Action
Apply the latest security updates for GnuTLS.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GnuTLS

Get an email when a new GnuTLS advisory drops — max one per day, one-click unsubscribe.

Details

Source
Ubuntu Security Notices (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://ubuntu.com/security/notices/USN-8502-1

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2024-0553coverage & exploitation statusNVD · CVE.org
CVE-2024-12243coverage & exploitation statusNVD · CVE.org
CVE-2025-9820coverage & exploitation statusNVD · CVE.org
CVE-2025-14831coverage & exploitation statusNVD · CVE.org
CVE-2026-3833coverage & exploitation statusNVD · CVE.org
CVE-2026-5260coverage & exploitation statusNVD · CVE.org
CVE-2026-33845coverage & exploitation statusNVD · CVE.org
CVE-2026-33846coverage & exploitation statusNVD · CVE.org
CVE-2026-42009coverage & exploitation statusNVD · CVE.org
CVE-2026-42010coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Ubuntu Security Notices