Description
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.
Published: 2026-04-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service
Action: Patch
AI Analysis

Impact

GnuTLS contains a flaw that allows a remote, unauthenticated attacker to send a crafted ClientHello message with an invalid Pre‑Shared Key binder during the TLS handshake. The invalid binder triggers a null pointer dereference, causing the server to crash and resulting in a denial of service. This weakness is a classic null dereference issue (CWE‑476).

Affected Systems

The vulnerability affects Red Hat Enterprise Linux versions 6 through 9, Red Hat Enterprise Linux 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4, all of which incorporate the affected GnuTLS library. The specific software component impacted is the GnuTLS implementation used within these distributions.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity risk, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only an unauthenticated network connection to the TLS service that uses the flawed GnuTLS version; no privileged access or additional prerequisites are stated.

Generated by OpenCVE AI on April 15, 2026 at 15:59 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Update GnuTLS to the patched version available in the Red Hat security release for the affected distributions.
  • Restart any TLS‑dependent services to ensure the patch takes effect and to clear any crashed state.
  • Enable or configure monitoring that tracks TLS service uptime and alerts when crashes or restarts occur so that the impact of the vulnerability can be detected quickly.

Generated by OpenCVE AI on April 15, 2026 at 15:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hardened Images
CPEs cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
Vendors & Products Redhat hardened Images

Fri, 10 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Title gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References

Wed, 11 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Vendors & Products Gnu
Gnu gnutls

Tue, 10 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.
Title gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder
Weaknesses CWE-476
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important

Subscriptions

Gnu Gnutls
Redhat Enterprise Linux Hardened Images Hummingbird Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-10T14:09:52.720Z

Reserved: 2026-01-29T02:59:06.727Z

Link: CVE-2026-1584

cve-icon Vulnrichment

Updated: 2026-04-10T14:09:48.887Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T18:16:44.047

Modified: 2026-04-22T00:39:29.163

Link: CVE-2026-1584

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-09T00:00:00Z

Links: CVE-2026-1584 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:00:07Z

Weaknesses