Skip to main content

GnuTLS CVE-2026-1584

| EUVDEUVD-2026-20986 HIGH
NULL Pointer Dereference (CWE-476)
2026-04-09 redhat GHSA-92xv-mw29-x4px
7.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Updated
Apr 22, 2026 - 00:57 vuln.today
v1 (cvss_changed)
Re-analysis Queued
Apr 22, 2026 - 00:52 vuln.today
cvss_changed
EUVD ID Assigned
Apr 09, 2026 - 18:15 euvd
EUVD-2026-20986
Analysis Generated
Apr 09, 2026 - 18:15 vuln.today
CVE Published
Apr 09, 2026 - 18:00 nvd
HIGH 7.5

DescriptionCVE.org

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.

AnalysisAI

Remote unauthenticated attackers can crash GnuTLS servers by sending malformed TLS handshake messages containing invalid Pre-Shared Key binder values, triggering a NULL pointer dereference. Red Hat Enterprise Linux versions 6-10, OpenShift Container Platform 4, and Red Hat Hardened Images are affected. Vendor patches are available. EPSS score of 0.08% (24th percentile) suggests low current exploitation probability despite network-accessible attack vector. SSVC framework classifies this as automatable with partial technical impact but no known exploitation, making this a medium-priority patching target focused on preventing service disruption rather than data breach.

Technical ContextAI

GnuTLS is an open-source TLS/SSL cryptographic library implementing secure communications protocols. The vulnerability stems from improper null pointer validation (CWE-476) in the TLS handshake processing code, specifically when parsing ClientHello messages during PSK (Pre-Shared Key) authentication exchanges. PSK is a TLS extension allowing authentication using symmetric keys rather than certificates. When a ClientHello contains a PSK extension with a malformed or invalid binder value-a cryptographic proof that the client possesses the shared key-the GnuTLS server attempts to dereference a NULL pointer during validation, causing immediate process termination. The affected CPE strings indicate Red Hat Enterprise Linux distributions from legacy version 6 through current version 10, plus containerized environments (OpenShift Container Platform 4, Red Hat Hardened Images), all of which bundle GnuTLS as a core cryptographic library for system-wide TLS functionality.

RemediationAI

Apply vendor-released patches for affected Red Hat products immediately, available through standard Red Hat Update Infrastructure (yum/dnf update gnutls). Consult Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-1584 and Bugzilla #2435258 for exact patched package versions for each RHEL major release. For systems where immediate patching is infeasible, implement compensating controls: disable PSK cipher suites in GnuTLS configuration if not operationally required by editing /etc/gnutls/config or application-specific TLS settings to exclude PSK_* cipher suite families (trade-off: breaks PSK-dependent authentication workflows; verify no production dependencies before applying). Deploy network-layer rate limiting on TLS handshake requests to mitigate DoS impact (trade-off: may affect legitimate high-volume clients during traffic spikes; tune thresholds based on baseline). Restrict TLS service exposure to trusted networks via firewall rules if services do not require internet accessibility (trade-off: eliminates remote attack vector but may conflict with service design requirements). Monitor for abnormal service crashes or elevated ClientHello rejection rates as potential exploitation indicators. Note that workarounds provide only partial mitigation; vendor patching is the authoritative remediation.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

CVE-2026-1584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy