Skip to content
CVSS 7.5 · HIGH

CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Ver en NVD

Análisis

GnuTLS has a flaw in its DTLS handshake parsing that allows remote attackers to trigger an integer underflow. This can lead to a denial of service or information disclosure when processing malformed fragments. Users of Red Hat Enterprise Linux and OpenShift should ensure their core crypto libraries are updated.

Severidad

Puntaje: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Tipo de falla (CWE): CWE-191

EPSS

Probabilidad de explotación (próx. 30 días): 0.0005 (0.0%)
Percentil: 14.0%
EPSS: 2026-05-06

Afecta

gnu:gnutlsredhat:openshift_container_platformredhat:enterprise_linux

Descripción técnica

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Publicada: 30/4/2026, 18:16:28
Última modificación: 5/5/2026, 3:03:19

Referencias

InicioEventosBlogRecursosEquipo