Bug 2423177 (CVE-2025-14831)

Summary: CVE-2025-14831 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, kshier, security-response-team, stcannon, teagle, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2437986, 2437987    
Bug Blocks:    

Description OSIDB Bzimport 2025-12-17 14:52:47 UTC 
Verifying Certificates with large amout of name constraints and subject alternative names makes GnuTLS vulnerable to DoS attacks

When trying to verify a certificate chain using the certtool --verify command, with certificates, that contain a larger number of SANs and Name Constraints, GnuTLS tries to verify all of them, without any bound on the quantity of those fields.
Using those crafted malicious certificate, GnuTLS is vulnerable to DoS attacks by excessive usage of CPU and memory.
Comment 2 errata-xmlrpc 2026-03-02 01:32:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3477 https://access.redhat.com/errata/RHSA-2026:3477
Comment 3 errata-xmlrpc 2026-03-10 23:26:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:4188 https://access.redhat.com/errata/RHSA-2026:4188
Comment 4 errata-xmlrpc 2026-03-24 10:24:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:5585 https://access.redhat.com/errata/RHSA-2026:5585
Comment 5 errata-xmlrpc 2026-04-06 03:24:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:6618 https://access.redhat.com/errata/RHSA-2026:6618
Comment 6 errata-xmlrpc 2026-04-06 07:01:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:6630 https://access.redhat.com/errata/RHSA-2026:6630
Comment 7 errata-xmlrpc 2026-04-07 07:49:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:6737 https://access.redhat.com/errata/RHSA-2026:6737
Comment 8 errata-xmlrpc 2026-04-07 07:53:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:6738 https://access.redhat.com/errata/RHSA-2026:6738
Comment 10 errata-xmlrpc 2026-05-05 17:49:44 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812