EUVD-2026-26392CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionNVD
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
AnalysisAI
Integer underflow in GnuTLS DTLS handshake reassembly allows remote unauthenticated attackers to trigger denial of service or information disclosure via crafted zero-length fragments with non-zero offsets. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4; identify which depend on GnuTLS for DTLS communications. Within 7 days: Apply network segmentation to restrict DTLS access to trusted endpoints only; enable monitoring for abnormal DTLS fragment patterns. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today