Description
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
Published: 2026-04-30
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in GnuTLS DTLS handshake parsing permits an attacker to send a malformed DTLS fragment with zero length and a non‑zero offset, which causes an integer underflow during fragment reassembly and results in an out‑of‑bounds read. The vulnerability is remotely exploitable and can lead to an information disclosure or a denial of service by crashing the application or the operating system. It is a classic example of integer underflow (CWE‑191) that undermines memory safety during protocol parsing.

Affected Systems

Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 are affected. All installations running the included GnuTLS libraries are vulnerable until updated to a version that implements proper bounds checking for DTLS fragments.

Risk and Exploitability

The CVSS score of 7.5 classifies this as a high‑severity vulnerability. Attackers can exploit it over the network by sending crafted DTLS packets; the exact EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog. Because there is no public proof of exploitation reported at this time, the risk is primarily the high potential for DoS or accidental data leakage if an attacker can reach the vulnerable service.

Generated by OpenCVE AI on May 1, 2026 at 05:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest GnuTLS update provided in the vendor’s security patch for your distribution
  • If a direct update is not immediately available, block or filter incoming DTLS traffic with a firewall rule that rejects packets containing zero‑length fragments
  • Configure monitoring to alert on frequent DTLS handshake failures and validate that the service is no longer susceptible to reassembly crashes

Generated by OpenCVE AI on May 1, 2026 at 05:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform
Vendors & Products Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform

Fri, 01 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 30 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
Title Gnutls: gnutls: denial of service via dtls zero-length fragment
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Weaknesses CWE-191
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Gnu Gnutls
Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-30T18:41:03.926Z

Reserved: 2026-03-24T05:31:54.914Z

Link: CVE-2026-33845

cve-icon Vulnrichment

Updated: 2026-04-30T18:40:43.385Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T18:16:28.003

Modified: 2026-04-30T19:14:49.917

Link: CVE-2026-33845

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-30T17:28:41Z

Links: CVE-2026-33845 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:21:09Z

Weaknesses