8.2

CVE-2026-5260

Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 0:3.8.10-4.el10_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10.0 Extended Update Support
Default Statusaffected
Version 0:3.8.9-9.el10_0.19
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:3.6.16-8.el8_10.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:3.6.16-8.el8_10.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:3.6.14-10.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:4.13-3.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:3.6.14-10.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:4.13-3.el8_4.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:3.6.16-5.el8_6.5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:4.13-3.el8_6.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:3.6.16-5.el8_6.5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:4.13-3.el8_6.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:3.6.16-7.el8_8.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:4.13-4.el8_8.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:3.6.16-7.el8_8.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:4.13-4.el8_8.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:3.8.10-4.el9_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:3.8.10-4.el9_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Default Statusaffected
Version 0:3.8.3-4.el9_4.6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.6 Extended Update Support
Default Statusaffected
Version 0:3.8.3-6.el9_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Discovery 2
Default Statusaffected
Version 1782159791
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Discovery 2
Default Statusaffected
Version 1782166952
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525684
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525671
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525693
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Update Infrastructure 5
Default Statusaffected
Version 1781525739
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunknown
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.73% 0.495
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=2467450
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/security/cve/CVE-2026-5260
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10