CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:3477
https://access.redhat.com/errata/RHSA-2026:4188
https://access.redhat.com/errata/RHSA-2026:4655
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:5585
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/security/cve/CVE-2025-14831
https://bugzilla.redhat.com/show_bug.cgi?id=2423177
https://gitlab.com/gnutls/gnutls/-/issues/1773

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-09 15:16

Updated : 2026-03-24 11:16

NVD link : CVE-2025-14831

Mitre link : CVE-2025-14831

CVE.ORG link : CVE-2025-14831

JSON object : View

Products Affected

No product.

CWE

CWE-407

Inefficient Algorithmic Complexity

{"id": "CVE-2025-14831", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-02-09T15:16:09.937", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3477", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4188", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4655", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4943", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5585", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5606", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14831", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", "source": "secalert@redhat.com"}, {"url": "https://gitlab.com/gnutls/gnutls/-/issues/1773", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-407"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en GnuTLS. Esta vulnerabilidad permite una denegaci\u00f3n de servicio (DoS) mediante un consumo excesivo de CPU (Unidad Central de Procesamiento) y memoria a trav\u00e9s de certificados maliciosos especialmente dise\u00f1ados que contienen un gran n\u00famero de restricciones de nombre y nombres alternativos del sujeto (SANs)."}], "lastModified": "2026-03-24T11:16:21.903", "sourceIdentifier": "secalert@redhat.com"}