<Vulnerability name="CVE-2026-10028">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-05-28T22:27:36</PublicDate>
    <Bugzilla id="2465152" url="https://bugzilla.redhat.com/show_bug.cgi?id=2465152" xml:lang="en:us">
glib-networking: Infinite loop in glib-networking GnuTLS backend allows remote denial of service via circular certificate chain
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>4.3</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-835</CWE>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
    </Details>
    <Statement xml:lang="en:us">
There's a vulnerability in the `glib-networking` package where a server presenting a maliciously crafted certificate chain can drive an application that uses the `glib-networking` libraries with the GnuTLS backend into excessive CPU consumption, causing a denial of service as a consequence. The vulnerability is triggered when the application performs certificate validation and the crafted certificate chain contains a circular issuer relationship. For the latest `glib-networking` versions, such as those shipped with Red Hat Enterprise Linux 10, this can cause the client application to freeze when connecting to a malicious server that holds the crafted certificate chain, resulting in an availability impact limited to the specific execution of that process (A:L). For the versions of `glib-networking` shipped with Red Hat Enterprise Linux 9 and older, it's possible that an attacker may be able to cause a denial of service in a server application that performs the same kind of validation, depending on the scenario.

The Red Hat Product Security team has rated this vulnerability as having a Low impact since, in general, exploitation requires the user to be tricked into connecting to a malicious server and results in only a low availability impact.
    </Statement>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>glib-networking</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>glib-networking</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>glib-networking</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>glib-networking</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>glib-networking</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-10028
https://nvd.nist.gov/vuln/detail/CVE-2026-10028
https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231
    </References>
</Vulnerability>