Skip to main content

GnuTLS EUVDEUVD-2026-26392

| CVE-2026-33845 CRITICAL
Integer Underflow (CWE-191)
2026-04-30 redhat
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
8.2 HIGH

Remote unauthenticated DTLS parsing flaw (AV:N/AC:L/PR:N/UI:N); reliable crash gives A:H, but OOB-read disclosure is bounded/uncertain so C:L rather than C:H, no integrity impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

9
Analysis Updated
Jun 24, 2026 - 17:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 24, 2026 - 17:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 24, 2026 - 17:22 vuln.today
cvss_changed
Severity Changed
Jun 24, 2026 - 17:22 NVD
HIGH CRITICAL
CVSS changed
Jun 24, 2026 - 17:22 NVD
7.5 (HIGH) 9.1 (CRITICAL)
Analysis Generated
Apr 30, 2026 - 18:15 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 18:00 euvd
EUVD-2026-26392
Analysis Generated
Apr 30, 2026 - 18:00 vuln.today
CVE Published
Apr 30, 2026 - 17:41 nvd
HIGH 7.5

DescriptionNVD

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

AnalysisAI

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an integer underflow by sending malformed handshake fragments with zero length and a non-zero offset, enabling information disclosure or denial of service against Red Hat-shipped GnuTLS (RHEL 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images). Reported by Red Hat with a vendor patch available and errata released; no public exploit identified at time of analysis, and EPSS is very low (0.04%, 11th percentile) with SSVC exploitation status 'none'. CVSS 9.1 reflects high confidentiality and availability impact over the network at low complexity without authentication.

Technical ContextAI

GnuTLS is a widely-used open-source library implementing TLS, DTLS, and related cryptographic protocols, linked by many Linux applications and services for secure transport. The flaw lives in DTLS handshake fragment reassembly: DTLS splits handshake messages into fragments carrying a length and offset, and the parser fails to validate a fragment that declares zero length together with a non-zero offset. CWE-191 (Integer Underflow / wraparound) is the root cause: a subtraction during reassembly underflows, producing a huge unsigned value that drives an out-of-bounds read past the intended buffer. The affected products per CPE are Red Hat's GnuTLS packages across Red Hat Enterprise Linux 6, 7, 8, 9, and 10, Red Hat OpenShift Container Platform 4, and Red Hat Hardened Images, indicating the vulnerable code is in the GnuTLS shipped/maintained in those distributions rather than a single application.

RemediationAI

Apply the vendor-released GnuTLS update for your platform: on Red Hat systems install the package versions from the applicable errata (RHSA-2026:13274, RHSA-2026:20611/20612/20613, RHSA-2026:26319, RHSA-2026:26409, RHSA-2026:29197) per https://access.redhat.com/security/cve/CVE-2026-33845, and on Ubuntu apply USN-8284-1 (https://ubuntu.com/security/notices/USN-8284-1), then restart or re-link affected services so the patched library is loaded. Exact fixed versions are listed in those advisories; consult the Red Hat Bugzilla tracker (https://bugzilla.redhat.com/show_bug.cgi?id=2450624) for package detail. If immediate patching is not possible, reduce exposure by disabling DTLS on services that do not require it or restricting reachability of DTLS endpoints (e.g., firewall the relevant UDP ports to trusted peers only) - the trade-off is loss of DTLS-based functionality (such as DTLS-protected VPN/VoIP/WebRTC transports) for clients that depend on it; prefer TLS-over-TCP paths where the application supports both. These are compensating controls only and do not remove the underlying flaw, so schedule the library update.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

CVE-2026-35091 HIGH
8.2 Apr 01

Out-of-bounds read in Corosync allows unauthenticated remote attackers to crash cluster nodes and potentially leak memor

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed
SUSE Linux Enterprise Micro 5.5 Fixed

Share

EUVD-2026-26392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy