Vulnerability-Lookup

CVE-2026-3832 (GCVE-0-2026-3832)

Vulnerability from cvelistv5 – Published: 2026-04-30 17:41 – Updated: 2026-05-04 08:50

Title

Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Summary

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-179 - Incorrect Behavior Order: Early Validation

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:13274	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-3832	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2445762	issue-trackingx_refsource_REDHAT
	https://gitlab.com/gnutls/gnutls/-/issues/1801

Impacted products

Vendor

Product

Version

Affected: 0 , < 3.8.13 (semver)

Red Hat	Red Hat Hardened Images	Unaffected: 3.8.13-1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public ?

2026-04-30 17:29

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3832",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T18:22:07.438915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T18:22:29.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/gnutls/gnutls",
          "defaultStatus": "unaffected",
          "packageName": "gnutls",
          "versions": [
            {
              "lessThan": "3.8.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3.8.13-1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-04-30T17:29:25.738Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-179",
              "description": "Incorrect Behavior Order: Early Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T08:50:57.580Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:13274",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
        },
        {
          "name": "RHBZ#2445762",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-09T13:41:32.810Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-30T17:29:25.738Z",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-179: Incorrect Behavior Order: Early Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3832",
    "datePublished": "2026-04-30T17:41:28.896Z",
    "dateReserved": "2026-03-09T13:44:37.841Z",
    "dateUpdated": "2026-05-04T08:50:57.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-3832",
      "date": "2026-05-04",
      "epss": "0.00023",
      "percentile": "0.06267"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-3832\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-04-30T18:16:30.433\",\"lastModified\":\"2026-05-03T20:16:02.537\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-179\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13274\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-3832\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2445762\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.com/gnutls/gnutls/-/issues/1801\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.com/gnutls/gnutls/-/issues/1801\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3832\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-30T18:22:07.438915Z\"}}}], \"references\": [{\"url\": \"https://gitlab.com/gnutls/gnutls/-/issues/1801\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-30T18:22:22.233Z\"}}], \"cna\": {\"title\": \"Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Low\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.13\", \"versionType\": \"semver\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://gitlab.com/gnutls/gnutls\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.8.13-1.hum1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls-main\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-09T13:41:32.810Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-30T17:29:25.738Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2026-04-30T17:29:25.738Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2026:13274\", \"name\": \"RHSA-2026:13274\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2026-3832\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2445762\", \"name\": \"RHBZ#2445762\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://gitlab.com/gnutls/gnutls/-/issues/1801\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-179\", \"description\": \"Incorrect Behavior Order: Early Validation\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-05-04T08:50:57.580Z\"}, \"x_redhatCweChain\": \"CWE-179: Incorrect Behavior Order: Early Validation\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-3832\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T08:50:57.580Z\", \"dateReserved\": \"2026-03-09T13:44:37.841Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-04-30T17:41:28.896Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-3832

Vulnerability from fkie_nvd - Published: 2026-04-30 18:16 - Updated: 2026-05-03 20:16

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2026:13274
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2026-3832
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2445762
	secalert@redhat.com	https://gitlab.com/gnutls/gnutls/-/issues/1801
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://gitlab.com/gnutls/gnutls/-/issues/1801

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust."
    }
  ],
  "id": "CVE-2026-3832",
  "lastModified": "2026-05-03T20:16:02.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-30T18:16:30.433",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:13274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-179"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

RHSA-2026:13274

Vulnerability from csaf_redhat - Published: 2026-05-02 22:26 - Updated: 2026-05-04 13:23

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Important

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: gnutls: * gnutls-3.8.13-1.hum1 (aarch64, x86_64) * gnutls-c++-3.8.13-1.hum1 (aarch64, x86_64) * gnutls-dane-3.8.13-1.hum1 (aarch64, x86_64) * gnutls-devel-3.8.13-1.hum1 (aarch64, x86_64) * gnutls-fips-3.8.13-1.hum1 (aarch64, x86_64) * gnutls-utils-3.8.13-1.hum1 (aarch64, x86_64) * mingw32-gnutls-3.8.13-1.hum1 (noarch) * mingw64-gnutls-3.8.13-1.hum1 (noarch) * gnutls-3.8.13-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-3832

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:13274

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVE-2026-3833

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-178 - Improper Handling of Case Sensitivity

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:13274

CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-191 - Integer Underflow (Wrap or Wraparound)

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:13274

CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:13274

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:13274	self
	https://images.redhat.com/	external
	https://access.redhat.com/security/cve/CVE-2026-33845	external
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/cve/CVE-2026-3833	external
	https://access.redhat.com/security/cve/CVE-2026-3832	external
	https://access.redhat.com/security/cve/CVE-2026-33846	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2026-3832	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2445762	external
	https://www.cve.org/CVERecord?id=CVE-2026-3832	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-3832	external
	https://gitlab.com/gnutls/gnutls/-/issues/1801	external
	https://access.redhat.com/security/cve/CVE-2026-3833	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2445763	external
	https://www.cve.org/CVERecord?id=CVE-2026-3833	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-3833	external
	https://gitlab.com/gnutls/gnutls/-/issues/1803	external
	https://access.redhat.com/security/cve/CVE-2026-33845	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2450624	external
	https://www.cve.org/CVERecord?id=CVE-2026-33845	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-33845	external
	https://access.redhat.com/security/cve/CVE-2026-33846	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2450625	external
	https://www.cve.org/CVERecord?id=CVE-2026-33846	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-33846	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ngnutls:\n  * gnutls-3.8.13-1.hum1 (aarch64, x86_64)\n  * gnutls-c++-3.8.13-1.hum1 (aarch64, x86_64)\n  * gnutls-dane-3.8.13-1.hum1 (aarch64, x86_64)\n  * gnutls-devel-3.8.13-1.hum1 (aarch64, x86_64)\n  * gnutls-fips-3.8.13-1.hum1 (aarch64, x86_64)\n  * gnutls-utils-3.8.13-1.hum1 (aarch64, x86_64)\n  * mingw32-gnutls-3.8.13-1.hum1 (noarch)\n  * mingw64-gnutls-3.8.13-1.hum1 (noarch)\n  * gnutls-3.8.13-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:13274",
        "url": "https://access.redhat.com/errata/RHSA-2026:13274"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33845"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-3833",
        "url": "https://access.redhat.com/security/cve/CVE-2026-3833"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-3832",
        "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33846"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13274.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-04T13:23:52+00:00",
      "generator": {
        "date": "2026-05-04T13:23:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.8"
        }
      },
      "id": "RHSA-2026:13274",
      "initial_release_date": "2026-05-02T22:26:22+00:00",
      "revision_history": [
        {
          "date": "2026-05-02T22:26:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-04T12:22:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-04T13:23:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnutls-main@aarch64",
                "product": {
                  "name": "gnutls-main@aarch64",
                  "product_id": "gnutls-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnutls@3.8.13-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnutls-main@src",
                "product": {
                  "name": "gnutls-main@src",
                  "product_id": "gnutls-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnutls@3.8.13-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnutls-main@x86_64",
                "product": {
                  "name": "gnutls-main@x86_64",
                  "product_id": "gnutls-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnutls@3.8.13-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnutls-main@noarch",
                "product": {
                  "name": "gnutls-main@noarch",
                  "product_id": "gnutls-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mingw32-gnutls@3.8.13-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnutls-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:gnutls-main@aarch64"
        },
        "product_reference": "gnutls-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnutls-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:gnutls-main@noarch"
        },
        "product_reference": "gnutls-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnutls-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:gnutls-main@src"
        },
        "product_reference": "gnutls-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnutls-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:gnutls-main@x86_64"
        },
        "product_reference": "gnutls-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-3832",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2026-03-09T13:41:32.810000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445762"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue has a LOW impact. A flaw in gnutls\u0027 OCSP stapling implementation allows a client with OCSP verification enabled to accept a revoked server certificate. This occurs when a multi-record OCSP response is stapled, and the client incorrectly reads the certificate status from an unrelated record, leading to an order-dependent acceptance of a revoked certificate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:gnutls-main@aarch64",
          "Red Hat Hardened Images:gnutls-main@noarch",
          "Red Hat Hardened Images:gnutls-main@src",
          "Red Hat Hardened Images:gnutls-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445762",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832"
        },
        {
          "category": "external",
          "summary": "https://gitlab.com/gnutls/gnutls/-/issues/1801",
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
        }
      ],
      "release_date": "2026-04-30T17:29:25.738000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-02T22:26:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response"
    },
    {
      "cve": "CVE-2026-3833",
      "cwe": {
        "id": "CWE-178",
        "name": "Improper Handling of Case Sensitivity"
      },
      "discovery_date": "2026-03-09T14:02:09.783000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445763"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is particularly important because it affects the correct enforcement of X.509 nameConstraints, which are specifically designed to limit the authority of subordinate CAs. In GnuTLS, the use of case-sensitive comparisons (memcmp) for dNSName and the domain portion of rfc822Name violates the case-insensitive matching requirements defined in RFC 5280 and RFC 4343. As a result, a constrained subordinate CA can bypass excludedSubtrees or permittedSubtrees restrictions simply by changing the letter casing of a domain in the SAN (e.g., ExAmPlE.CoM vs example.com). Since nameConstraints are often the only mechanism enforcing domain boundaries in delegated PKI hierarchies, this flaw effectively allows a malicious or compromised sub-CA to issue certificates for domains that should be cryptographically prohibited, enabling unauthorized certificate validation and potential TLS impersonation of restricted services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:gnutls-main@aarch64",
          "Red Hat Hardened Images:gnutls-main@noarch",
          "Red Hat Hardened Images:gnutls-main@src",
          "Red Hat Hardened Images:gnutls-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3833"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445763",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3833"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833"
        },
        {
          "category": "external",
          "summary": "https://gitlab.com/gnutls/gnutls/-/issues/1803",
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1803"
        }
      ],
      "release_date": "2026-04-30T17:26:28.969000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-02T22:26:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison"
    },
    {
      "cve": "CVE-2026-33845",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "discovery_date": "2026-03-24T05:35:59.740000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:gnutls-main@aarch64",
          "Red Hat Hardened Images:gnutls-main@noarch",
          "Red Hat Hardened Images:gnutls-main@src",
          "Red Hat Hardened Images:gnutls-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33845"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
        }
      ],
      "release_date": "2026-04-30T17:28:41.473000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-02T22:26:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
    },
    {
      "cve": "CVE-2026-33846",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2026-03-24T05:38:09.899000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450625"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:gnutls-main@aarch64",
          "Red Hat Hardened Images:gnutls-main@noarch",
          "Red Hat Hardened Images:gnutls-main@src",
          "Red Hat Hardened Images:gnutls-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33846"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450625",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
        }
      ],
      "release_date": "2026-05-04T08:53:59.249000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-02T22:26:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:gnutls-main@aarch64",
            "Red Hat Hardened Images:gnutls-main@noarch",
            "Red Hat Hardened Images:gnutls-main@src",
            "Red Hat Hardened Images:gnutls-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-3832 (GCVE-0-2026-3832)

FKIE_CVE-2026-3832

RHSA-2026:13274

Tags

Sightings

Nomenclature