5.3

CVE-2026-42015

Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 0:3.8.10-4.el10_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10.0 Extended Update Support
Default Statusaffected
Version 0:3.8.9-9.el10_0.19
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:3.6.16-8.el8_10.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:3.6.16-8.el8_10.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:3.6.14-10.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:4.13-3.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:3.6.14-10.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:4.13-3.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:3.6.16-5.el8_6.5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:4.13-3.el8_6.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:3.6.16-5.el8_6.5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:4.13-3.el8_6.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:3.6.16-7.el8_8.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:4.13-4.el8_8.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:3.6.16-7.el8_8.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:4.13-4.el8_8.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:3.8.10-4.el9_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:3.8.10-4.el9_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Default Statusaffected
Version 0:3.8.3-4.el9_4.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.6 Extended Update Support
Default Statusaffected
Version 0:3.8.3-6.el9_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Discovery 2
Default Statusaffected
Version 1782159791
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Discovery 2
Default Statusaffected
Version 1782166952
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525684
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525671
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525693
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525739
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunknown
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.73% 0.495
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://bugzilla.redhat.com/show_bug.cgi?id=2467678
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/security/cve/CVE-2026-42015
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11