Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-14831

Опубликовано: 09 фев. 2026
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Отчет

This vulnerability is rated Moderate for Red Hat. GnuTLS is susceptible to a denial of service attack due to excessive CPU and memory consumption. This occurs when processing specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) during certificate verification.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6gnutlsWill not fix
Red Hat Enterprise Linux 7gnutlsWill not fix
Red Hat OpenShift Container Platform 4rhcosFix deferred
Red Hat Enterprise Linux 10gnutlsFixedRHSA-2026:347702.03.2026
Red Hat Enterprise Linux 8gnutlsFixedRHSA-2026:558524.03.2026
Red Hat Enterprise Linux 8gnutlsFixedRHSA-2026:558524.03.2026
Red Hat Enterprise Linux 9gnutlsFixedRHSA-2026:418810.03.2026
Red Hat Enterprise Linux 9gnutlsFixedRHSA-2026:418810.03.2026
Red Hat Ceph Storage 8rhceph/rhceph-8-rhel9FixedRHSA-2026:560624.03.2026
Red Hat Insights proxy 1.5insights-proxy/insights-proxy-container-rhel9FixedRHSA-2026:465516.03.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-407
https://bugzilla.redhat.com/show_bug.cgi?id=2423177gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

EPSS

Процентиль: 21%
0.00067
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-14831

CVSS3: 5.3
ubuntu
около 2 месяцев назад

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

nvd логотип

CVE-2025-14831

CVSS3: 5.3
nvd
около 2 месяцев назад

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

debian логотип

CVE-2025-14831

CVSS3: 5.3
debian
около 2 месяцев назад

A flaw was found in GnuTLS. This vulnerability allows a denial of serv ...

suse-cvrf логотип

SUSE-SU-2026:0829-1

suse-cvrf
26 дней назад

Security update for gnutls

github логотип

GHSA-pm8w-jq9r-x5rp

CVSS3: 5.3
github
около 2 месяцев назад

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

EPSS

Процентиль: 21%
0.00067
Низкий

5.3 Medium

CVSS3