7.5

CVE-2026-42009

Medienbericht

Gnutls: gnutls: denial of service via dtls packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version-
RedhatHardened Images Version-
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0 HwPlatformarm64
RedhatEnterprise Linux Version8.0 HwPlatformx64
RedhatEnterprise Linux For Els Version8.10 HwPlatformarm64
RedhatEnterprise Linux For Els Version8.10 HwPlatformx64
RedhatEnterprise Linux Version9.0 HwPlatformarm64
RedhatEnterprise Linux Version9.0 HwPlatformx64
RedhatEnterprise Linux Version9.8 HwPlatformarm64
RedhatEnterprise Linux For Els Version9.8 HwPlatformarm64
RedhatEnterprise Linux For Els Version9.8 HwPlatformx64
RedhatEnterprise Linux For Eus Version9.8 HwPlatformarm64
RedhatEnterprise Linux For Eus Version9.8 HwPlatformx64
RedhatEnterprise Linux Version10.0 HwPlatformarm64
RedhatEnterprise Linux Version10.0 HwPlatformx64
RedhatEnterprise Linux Version10.2 HwPlatformarm64
RedhatEnterprise Linux Version10.2 HwPlatformx64
RedhatEnterprise Linux For Els Version10.2 HwPlatformarm64
RedhatEnterprise Linux For Els Version10.2 HwPlatformx64
RedhatEnterprise Linux For Eus Version10.2 HwPlatformarm64
RedhatEnterprise Linux For Eus Version10.2 HwPlatformx64
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.34% 0.676
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-475 Undefined Behavior for Input to API

The behavior of this function is undefined unless its control parameter is set to a specific value.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.05.2026 17:45
https://bugzilla.redhat.com/show_bug.cgi?id=2467279
Third Party Advisory
Issue Tracking
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42009.json
https://access.redhat.com/errata/RHSA-2026:36004
https://access.redhat.com/errata/RHSA-2026:36005
https://access.redhat.com/errata/RHSA-2026:36006
https://access.redhat.com/errata/RHSA-2026:13274
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:20611
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:20612
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:20613
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/errata/RHSA-2026:34372
https://access.redhat.com/errata/RHSA-2026:29794
https://access.redhat.com/security/cve/CVE-2026-42009
Third Party Advisory
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
https://access.redhat.com/errata/RHSA-2026:34764
https://access.redhat.com/errata/RHSA-2026:34788