CVE-2026-42013

EUVD-2026-32011
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bookworm
vulnerable
bookworm (security)
3.7.9-2+deb12u7
fixed
bullseye
vulnerable
bullseye (security)
3.7.1-5+deb11u10
fixed
forky
3.8.13-1
fixed
sid
3.8.13-1
fixed
trixie
vulnerable
trixie (security)
3.8.9-3+deb13u4
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnutls
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
gnutls-guile
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutls-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30-32bit
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30-hmac
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutls30-hmac-32bit
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutlsxx-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutlsxx28
suse enterprise server 15 SP4
3.7.3-150400.4.59.1
fixed
suse enterprise server 15 SP5
3.7.3-150400.4.59.1
fixed
libgnutlsxx30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gnutls
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 8.4 AUS
0:3.6.14-10.el8_4.1
fixed
RHEL 8.6 AUS
0:3.6.16-5.el8_6.5
fixed
RHEL 8.8 E4S
0:3.6.16-7.el8_8.4
fixed
RHEL 8.8 TUS
0:3.6.16-7.el8_8.4
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-c
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 8.4 AUS
0:3.6.14-10.el8_4.1
fixed
RHEL 8.6 AUS
0:3.6.16-5.el8_6.5
fixed
RHEL 8.8 E4S
0:3.6.16-7.el8_8.4
fixed
RHEL 8.8 TUS
0:3.6.16-7.el8_8.4
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-dane
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 8.4 AUS
0:3.6.14-10.el8_4.1
fixed
RHEL 8.6 AUS
0:3.6.16-5.el8_6.5
fixed
RHEL 8.8 E4S
0:3.6.16-7.el8_8.4
fixed
RHEL 8.8 TUS
0:3.6.16-7.el8_8.4
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-devel
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 8.4 AUS
0:3.6.14-10.el8_4.1
fixed
RHEL 8.6 AUS
0:3.6.16-5.el8_6.5
fixed
RHEL 8.8 E4S
0:3.6.16-7.el8_8.4
fixed
RHEL 8.8 TUS
0:3.6.16-7.el8_8.4
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-utils
RHEL 8
0:3.6.16-8.el8_10.6
fixed
RHEL 8.4 AUS
0:3.6.14-10.el8_4.1
fixed
RHEL 8.6 AUS
0:3.6.16-5.el8_6.5
fixed
RHEL 8.8 E4S
0:3.6.16-7.el8_8.4
fixed
RHEL 8.8 TUS
0:3.6.16-7.el8_8.4
fixed
RHEL 9
0:3.8.10-4.el9_8
fixed
libtasn1
RHEL 8.4 AUS
0:4.13-3.el8_4.1
fixed
RHEL 8.6 AUS
0:4.13-3.el8_6.2
fixed
RHEL 8.8 E4S
0:4.13-4.el8_8.1
fixed
RHEL 8.8 TUS
0:4.13-4.el8_8.1
fixed
libtasn1-devel
RHEL 8.4 AUS
0:4.13-3.el8_4.1
fixed
RHEL 8.6 AUS
0:4.13-3.el8_6.2
fixed
RHEL 8.8 E4S
0:4.13-4.el8_8.1
fixed
RHEL 8.8 TUS
0:4.13-4.el8_8.1
fixed
libtasn1-tools
RHEL 8.4 AUS
0:4.13-3.el8_4.1
fixed
RHEL 8.6 AUS
0:4.13-3.el8_6.2
fixed
RHEL 8.8 E4S
0:4.13-4.el8_8.1
fixed
RHEL 8.8 TUS
0:4.13-4.el8_8.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
gnutls
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-c++
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-c++-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-dane
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-dane-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-debugsource
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-devel
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-utils
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-utils-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
gnutls
Azure Linux 3.0
0:3.8.13-1.azl3
fixed