Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-30T17:28:41 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-191

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate. Red Hat Hardened Images 2026-05-02T00:00:00Z RHSA-2026:13274 gnutls-main-3.8.13-1.hum1 Red Hat Enterprise Linux 10 Affected gnutls Red Hat Enterprise Linux 6 Affected gnutls Red Hat Enterprise Linux 7 Affected gnutls Red Hat Enterprise Linux 8 Affected gnutls Red Hat Enterprise Linux 9 Affected gnutls Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845