GnuTLS Denial-of-Service Vulnerability via Malicious Certificates

Vulnerability

A denial-of-service vulnerability has been identified in GnuTLS. This issue arises from excessive CPU and memory usage when processing specially crafted malicious certificates that contain a large number of name constraints and subject alternative names (SANs). The vulnerability occurs during certificate verification, leading to resource exhaustion.

Impact

Exploitation of this vulnerability causes excessive CPU and memory consumption, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by verifying a certificate chain with the certtool --verify command, using certificates that have a large number of SANs and name constraints. GnuTLS will attempt to verify all of these fields without any limit, causing increased CPU and memory usage.
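One way to pre-screen certificates before they are handed to GnuTLS for verification, as an added example (not GnuTLS code and not part of the advisory): a standard-library DER walk that counts SAN entries and name-constraint subtrees and rejects input above a limit. The limit of 256, the function names and the sample bytes are assumptions constructed for this example.

```python
SAN_OID = bytes.fromhex("551d11")  # 2.5.29.17 subjectAltName
NC_OID = bytes.fromhex("551d1e")   # 2.5.29.30 nameConstraints

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if (tag & 0x1F) == 0x1F or n == 0x80:
            raise ValueError("multi-byte tag or indefinite length")
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated element")
        yield tag, buf[i:i + n]
        i += n

def count_names(der, depth=0):
    """Return (SAN entries, name-constraint subtrees) found in Extension SEQUENCEs."""
    if depth > 16:
        raise ValueError("nesting too deep")
    san = nc = 0
    for tag, val in tlvs(der):
        if not tag & 0x20:  # primitive element, nothing nested
            continue
        kids = list(tlvs(val))
        if tag == 0x30 and len(kids) >= 2 and kids[0][0] == 0x06 and kids[-1][0] == 0x04:
            oid, ext = kids[0][1], kids[-1][1]  # OID and OCTET STRING payload
            if oid == SAN_OID:   # GeneralNames ::= SEQUENCE OF GeneralName
                san += sum(len(list(tlvs(v))) for _, v in tlvs(ext))
            elif oid == NC_OID:  # [0] permitted and [1] excluded subtrees
                nc += sum(len(list(tlvs(s))) for _, v in tlvs(ext) for _, s in tlvs(v))
        else:
            sub_san, sub_nc = count_names(val, depth + 1)
            san, nc = san + sub_san, nc + sub_nc
    return san, nc

def within_limits(der, limit=256):  # 256 is an assumed policy value, not from the advisory
    """Fail closed: malformed input or too many names returns False."""
    try:
        return max(count_names(der)) <= limit
    except (ValueError, IndexError):
        return False

# Constructed sample: an Extensions SEQUENCE with 3 SAN entries and 2 permitted subtrees.
SAMPLE = bytes.fromhex(
    "3047 3021 0603551d11 041a 3018 8206612e74657374 8206622e74657374 8206632e74657374"
    "3022 0603551d1e 0101ff 0418 3016 a014 30088206782e74657374 30088206792e74657374")
```

For a PEM file, convert each certificate in the chain with ssl.PEM_cert_to_DER_cert() from the Python standard library and call within_limits() on the result before running the verifier.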

Added: Feb 9, 2026, 3:23 PM
Updated: Feb 9, 2026, 4:13 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 8.5
remediation: 0.0
relevance: 2.6
threat: 1.6
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.