All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-42014
MEDIUMpublished 2026-06-16 02:16 UTC · 9 days ago · modified 2026-06-16 15:26 UTC
6.6
CVSS / 10
// description
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
// cvss 3.1 vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
// weaknesses (CWE)
- CWE-825