CVE-2026-1584
Received Received - Intake
NULL Pointer Dereference in GnuTLS TLS Handshake Causes DoS

Publication date: 2026-04-09

Last updated on: 2026-05-03

Assigner: Red Hat, Inc.

Description
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-05-03
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1584
EUVD
EUVD-2026-20986
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gnu gnutls *
redhat hardened_images *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1584 is a remote Denial of Service (DoS) vulnerability in gnutls caused by a NULL pointer dereference triggered by a malicious TLS client.

The issue occurs when the server processes a specially crafted ClientHello message containing an invalid Pre-Shared Key (PSK) binder value during the TLS handshake.

Specifically, during PSK binder verification, the server-side code fails to properly handle a NULL return from a function that obtains PSK credentials, leading to a NULL pointer dereference.

This causes the server to crash, resulting in a remote Denial of Service condition.

Impact Analysis

This vulnerability allows a remote, unauthenticated attacker to crash a gnutls-based TLS server by sending a malformed ClientHello message with an invalid PSK binder.

The impact is a remote Denial of Service (DoS), meaning the server becomes unavailable to legitimate users until it is restarted or recovers.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or Denial of Service (DoS) conditions on gnutls-based TLS servers triggered by malformed ClientHello messages containing invalid Pre-Shared Key (PSK) binder values.

Since the issue is caused by a specially crafted ClientHello message with an invalid PSK binder, detection involves capturing and analyzing TLS handshake messages to identify such malformed ClientHello packets.

Commands to detect this may include using network packet capture tools like tcpdump or Wireshark to filter and inspect ClientHello messages for abnormal PSK binder values.

  • Use tcpdump to capture TLS ClientHello messages: tcpdump -i <interface> -w capture.pcap 'tcp port 443'
  • Analyze the capture with Wireshark to inspect ClientHello messages and PSK binder extensions for invalid or malformed values.

Additionally, monitoring server logs for unexpected crashes or core dumps related to gnutls can help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include updating or patching the gnutls library to a version where this vulnerability is fixed.

Since the vulnerability is caused by improper handling of invalid PSK binders during the TLS handshake, disabling or restricting the use of Pre-Shared Key (PSK) extensions on the server side can reduce exposure until a patch is applied.

Monitoring and blocking suspicious TLS ClientHello messages with malformed PSK binders at the network perimeter using intrusion detection or prevention systems can also help mitigate attacks.

Finally, ensure that server logs and monitoring systems are configured to detect and alert on crashes or unusual TLS handshake failures.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1584. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart