7.5
CVE-2026-42009
- EPSS 1.34%
- Veröffentlicht 18.05.2026 12:44:45
- Zuletzt bearbeitet 08.07.2026 13:16:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Hardened Images Version-
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0 HwPlatformarm64
Redhat ≫ Enterprise Linux Version8.0 HwPlatformx64
Redhat ≫ Enterprise Linux For Els Version8.10 HwPlatformarm64
Redhat ≫ Enterprise Linux For Els Version8.10 HwPlatformx64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Els Version8.10
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Els Version8.10
Redhat ≫ Enterprise Linux Version9.0 HwPlatformarm64
Redhat ≫ Enterprise Linux Version9.0 HwPlatformx64
Redhat ≫ Enterprise Linux Version9.8 HwPlatformarm64
Redhat ≫ Enterprise Linux For Els Version9.8 HwPlatformarm64
Redhat ≫ Enterprise Linux For Els Version9.8 HwPlatformx64
Redhat ≫ Enterprise Linux For Eus Version9.8 HwPlatformarm64
Redhat ≫ Enterprise Linux For Eus Version9.8 HwPlatformx64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Els Version9.8
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.8
Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Els Version9.8
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.8
Redhat ≫ Enterprise Linux For Update Services For Sap Solutions Version9.8 HwPlatformx64
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.8
Redhat ≫ Enterprise Linux Version10.0 HwPlatformarm64
Redhat ≫ Enterprise Linux Version10.0 HwPlatformx64
Redhat ≫ Enterprise Linux Version10.2 HwPlatformarm64
Redhat ≫ Enterprise Linux Version10.2 HwPlatformx64
Redhat ≫ Enterprise Linux For Els Version10.2 HwPlatformarm64
Redhat ≫ Enterprise Linux For Els Version10.2 HwPlatformx64
Redhat ≫ Enterprise Linux For Eus Version10.2 HwPlatformarm64
Redhat ≫ Enterprise Linux For Eus Version10.2 HwPlatformx64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version10.2
Redhat ≫ Enterprise Linux For Ibm Z Systems Els Version10.2
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version10.2
Redhat ≫ Enterprise Linux For Power Little Endian Version10.0
Redhat ≫ Enterprise Linux For Power Little Endian Version10.2
Redhat ≫ Enterprise Linux For Power Little Endian Els Version10.2
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version10.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.34% | 0.676 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-475 Undefined Behavior for Input to API
The behavior of this function is undefined unless its control parameter is set to a specific value.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://bugzilla.redhat.com/show_bug.cgi?id=2467279
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42009.json
https://access.redhat.com/errata/RHSA-2026:36004
https://access.redhat.com/errata/RHSA-2026:36005
https://access.redhat.com/errata/RHSA-2026:36006
https://access.redhat.com/errata/RHSA-2026:13274
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/errata/RHSA-2026:34372
https://access.redhat.com/errata/RHSA-2026:29794
https://access.redhat.com/security/cve/CVE-2026-42009
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
https://access.redhat.com/errata/RHSA-2026:34764
https://access.redhat.com/errata/RHSA-2026:34788