CVE-2025-14831

{"id": "CVE-2025-14831", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-02-09T15:16:09.937", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:13812", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3477", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4188", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4655", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4943", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5585", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5606", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6618", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6630", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6737", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6738", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7329", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7335", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7477", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8746", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8747", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8748", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14831", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", "source": "secalert@redhat.com"}, {"url": "https://gitlab.com/gnutls/gnutls/-/issues/1773", "source": "secalert@redhat.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-407"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en GnuTLS. Esta vulnerabilidad permite una denegaci\u00f3n de servicio (DoS) mediante un consumo excesivo de CPU (Unidad Central de Procesamiento) y memoria a trav\u00e9s de certificados maliciosos especialmente dise\u00f1ados que contienen un gran n\u00famero de restricciones de nombre y nombres alternativos del sujeto (SANs)."}], "lastModified": "2026-05-05T18:16:00.410", "sourceIdentifier": "secalert@redhat.com"}