CVE-2026-33845

EUVD-2026-26392
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
Wrap or Wraparound
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11.14%
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
3.8.13-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-33845
https://bugzilla.redhat.com/show_bug.cgi?id=2450624