CVE-2026-33845
DTLS Handshake Parsing Integer Underflow in GnuTLS
Publication date: 2026-04-30
Last updated on: 2026-05-05
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| gnu | gnutls | * |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GnuTLS during the DTLS handshake process. It occurs when malformed fragments with zero length but a non-zero offset are processed, causing an integer underflow during the reassembly of these fragments. This leads to an out-of-bounds read, which is a type of memory access error.
The flaw can be triggered remotely by sending a zero-length fragment during a non-empty handshake, which causes the affected system to crash or become unresponsive.
How can this vulnerability impact me?
This vulnerability can be exploited remotely to cause a Denial of Service (DoS) on systems using GnuTLS. The out-of-bounds read triggered by the malformed DTLS fragment can cause the system to crash or become unresponsive, impacting the availability of services relying on GnuTLS.
Additionally, there is a potential for information disclosure due to the out-of-bounds read, although the primary impact is on system availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to monitor updates from your GnuTLS vendor and apply any patches or security updates as soon as they become available.
Additionally, consider restricting or filtering DTLS traffic from untrusted sources to reduce exposure to potential exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a flaw in GnuTLS DTLS handshake parsing triggered by malformed zero-length fragments with non-zero offset. Detection can focus on monitoring DTLS handshake traffic for such abnormal fragments.
One approach is to capture network traffic using tools like tcpdump or Wireshark and filter for DTLS handshake packets containing zero-length fragments.
- Use tcpdump to capture DTLS traffic: `tcpdump -i <interface> udp port 4433 -w dtls_capture.pcap` (DTLS has no single fixed port, so replace 4433 with the UDP port your DTLS service listens on).
- Analyze the capture with Wireshark, applying a filter for DTLS handshake messages and inspecting fragment lengths for zero-length fragments.
Additionally, monitoring system logs for crashes or unresponsiveness of applications using GnuTLS may indicate exploitation attempts.
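One way to automate the fragment inspection described above, as an added example (not code from GnuTLS or from this page): a Python check that walks the DTLS records in a UDP payload and reports handshake fragments whose fragment length is zero while the fragment offset is non-zero. The function name and the two sample records are constructed for illustration; header layouts follow RFC 6347, and only epoch-0 (unencrypted) records are inspected.

```python
import struct

RECORD_HDR = 13   # type(1) version(2) epoch(2) sequence(6) length(2)
HS_HDR = 12       # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)

def suspicious_fragments(datagram: bytes) -> list:
    """Flag handshake fragments with fragment_length == 0 and fragment_offset != 0
    in one UDP payload. Only cleartext (epoch 0) records can be inspected."""
    findings, pos = [], 0
    while pos + RECORD_HDR <= len(datagram):
        ctype, version, epoch = struct.unpack_from("!BHH", datagram, pos)
        (rec_len,) = struct.unpack_from("!H", datagram, pos + 11)
        body = datagram[pos + RECORD_HDR : pos + RECORD_HDR + rec_len]
        if version >> 8 != 0xFE or len(body) < rec_len:
            break                      # not DTLS, or truncated record
        pos += RECORD_HDR + rec_len
        if ctype != 22 or epoch != 0:  # 22 = handshake content type
            continue
        off = 0
        while off + HS_HDR <= len(body):
            msg_type = body[off]
            msg_len = int.from_bytes(body[off + 1 : off + 4], "big")
            msg_seq = int.from_bytes(body[off + 4 : off + 6], "big")
            frag_off = int.from_bytes(body[off + 6 : off + 9], "big")
            frag_len = int.from_bytes(body[off + 9 : off + 12], "big")
            if frag_len == 0 and frag_off != 0:
                findings.append({"msg_type": msg_type, "msg_seq": msg_seq,
                                 "msg_len": msg_len, "frag_off": frag_off})
            off += HS_HDR + frag_len   # next handshake fragment in this record
    return findings

# Constructed sample records (DTLS 1.2, epoch 0), not captured traffic.
SAMPLE_NORMAL = bytes.fromhex(
    "16 fefd 0000 000000000000 0010"          # record header, 16-byte body
    "01 000004 0000 000000 000004 00000000")  # offset 0, 4-byte fragment
SAMPLE_FLAGGED = bytes.fromhex(
    "16 fefd 0000 000000000000 000c"          # record header, 12-byte body
    "01 000020 0000 000010 000000")           # offset 16, zero-length fragment

if __name__ == "__main__":
    for name, pkt in (("normal", SAMPLE_NORMAL), ("flagged", SAMPLE_FLAGGED)):
        print(name, suspicious_fragments(pkt))
```

Feed it the UDP payloads extracted from the capture; handshake records sent after encryption is enabled are not visible to it, so the crash monitoring above remains a necessary second signal.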