7.5

CVE-2026-33846

Medienbericht

Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Enterprise Linux Server (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream E4S (v.9.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 9)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS (v. 8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS E4S (v.9.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS (v. 9)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat AI Inference Server 3.2
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Discovery 2
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.26% 0.66
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-130 Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.05.2026 17:45
https://bugzilla.redhat.com/show_bug.cgi?id=2450625
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json
https://access.redhat.com/errata/RHSA-2026:36004
https://access.redhat.com/errata/RHSA-2026:36005
https://access.redhat.com/errata/RHSA-2026:36006
https://access.redhat.com/errata/RHSA-2026:13274
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/errata/RHSA-2026:34372
https://access.redhat.com/security/cve/CVE-2026-33846