CVE-2026-33845

EUVD-2026-26392
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
Wrap or Wraparound
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
gnugnutls
-
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bookworm
vulnerable
bookworm (security)
3.7.9-2+deb12u7
fixed
bullseye
vulnerable
bullseye (security)
3.7.1-5+deb11u10
fixed
forky
3.8.13-1
fixed
sid
3.8.13-1
fixed
trixie
vulnerable
trixie (security)
3.8.9-3+deb13u4
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnutls
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 12 SP3
3.3.27-3.18.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
gnutls-guile
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutls-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls-openssl-devel
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
libgnutls-openssl27
suse enterprise server 12 SP3
3.3.27-3.18.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
libgnutls28
suse enterprise server 12 SP3
3.3.27-3.18.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
libgnutls28-32bit
suse enterprise server 12 SP3
3.3.27-3.18.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
libgnutls30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 12 SP5
3.4.17-8.23.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30-32bit
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 12 SP5
3.4.17-8.23.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30-hmac
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutls30-hmac-32bit
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutlsxx-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 12 SP5
3.3.27-3.18.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutlsxx28
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutlsxx30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gnutls
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-c
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-dane
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-devel
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-utils
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
gnutls
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-c++
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-c++-debuginfo
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-dane
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-dane-debuginfo
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-debuginfo
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-debugsource
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-devel
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-utils
Amazon Linux 2
0:3.3.29-9.amzn2.0.4
fixed
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
gnutls-utils-debuginfo
Amazon Linux 2023
0:3.8.3-8.amzn2023.0.4
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
gnutls
Azure Linux 3.0
0:3.8.3-9.azl3
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/errata/RHSA-2026:13274
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/security/cve/CVE-2026-33845
https://bugzilla.redhat.com/show_bug.cgi?id=2450624