CVE-2026-10028
glib-networking GnuTLS Certificate Verification DoS
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glib | glib-networking | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the GnuTLS backend of glib-networking, in the code that verifies a peer's certificate chain. A remote peer can trigger it by presenting a specially crafted chain whose issuer relationships are circular: following each certificate's issuer name leads back to a certificate already in the chain instead of ending at a self-signed root or at a missing issuer. The chain-building loop has no exit condition for that input (CWE-835), so verification never terminates.
The loop is CPU-bound: the thread performing the handshake spins at full CPU without making progress.
The result is a denial of service against the process or worker doing the verification.
How can this vulnerability impact me?
The impact is loss of availability.
Because certificate verification never returns, the thread, worker or process performing the handshake stops serving requests and consumes a full CPU core for as long as it runs, so the application or service becomes unresponsive. The loop itself does not corrupt memory or crash the process, although a watchdog or supervisor may eventually kill it.
Any service that relies on glib-networking with the GnuTLS backend is affected, and the exposed side is whichever one verifies the peer: a client connecting to a malicious server, or a server that requests client certificates from untrusted clients.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability affects availability only: it exhausts CPU during certificate verification and can take an affected application offline.
Nothing in the available information indicates an effect on data confidentiality or integrity, so it does not by itself constitute a data breach or disclosure.
Availability is nonetheless within scope of both frameworks (GDPR Article 32 names the availability and resilience of processing systems, and the HIPAA Security Rule requires ensuring the availability of ePHI), so the compliance relevance depends on whether the affected service is one your regulated data processing depends on. On the available information alone, no specific compliance impact can be stated.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is behavioural. Watch for a thread or worker pinned at 100% CPU and no longer making progress in an application that uses glib-networking with the GnuTLS backend; a stack sample of the hung thread will show it inside TLS certificate verification.
Because the trigger is a certificate chain with circular issuer relationships, the condition shows up as handshakes that never complete (rather than failing cleanly) against suspicious or untrusted TLS peers: servers your clients connect to, or clients presenting certificates to your server.
The available resources provide no specific commands. Two practical checks: confirm which backend is in use, since glib-networking loads its GnuTLS backend as the GIO module libgiognutls.so (in the gio/modules directory of the library path) and a build that provides only libgioopenssl.so does not go through the vulnerable path; and capture the certificate chain presented during the handshake (for example from the output of openssl s_client -showcerts) and walk issuer names from the leaf, flagging any chain that returns to a certificate already seen before reaching a self-signed root.
What immediate steps should I take to mitigate this vulnerability?
Do not verify client certificates from untrusted sources until a fix is deployed, so that your server never feeds an attacker-supplied chain into the GnuTLS verification path. Clients are exposed when they verify a malicious server's chain, so where practical restrict outbound TLS connections from affected clients to known, trusted endpoints.
If your build of glib-networking also ships the OpenSSL backend, switch to it: GIO honours the GIO_USE_TLS environment variable (set it to openssl) to select the backend.
Handshake timeouts limit how long a connection stays open but do not by themselves stop the loop: a socket timeout fires on blocked I/O, whereas this loop is pure computation that never returns to the socket. To bound the damage, perform handshakes in a worker thread or process that an external watchdog can kill, and update glib-networking as soon as your distribution publishes a fixed package.
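As an added example (not code from glib-networking or GnuTLS), the walker below models a presented chain as (subject, issuer) name pairs and serves both the detection and the mitigation answers above: it flags a chain whose issuer links return to a certificate already visited before any self-signed anchor is reached, and it shows the two guards (a visited set and a depth bound) that a chain builder needs in order to terminate on such input. The sample chains, the MAX_DEPTH value and the function names are constructed for illustration; load_pairs_from_pem assumes the third-party cryptography package is installed.

```python
"""Check a presented certificate chain for circular issuer relationships.

Added example, not code from glib-networking or GnuTLS. A chain is modelled as
(subject, issuer) distinguished-name pairs, which is what a chain builder
matches on when it looks for each certificate's issuer. Matching on names only
is a simplification: real builders also compare key identifiers, so two
certificates with the same subject (cross-signing) are collapsed here.
"""

# Constructed sample data: a well-formed chain ending in a self-signed root.
NORMAL_CHAIN = [
    ("CN=www.example.test", "CN=Example Intermediate CA"),
    ("CN=Example Intermediate CA", "CN=Example Root CA"),
    ("CN=Example Root CA", "CN=Example Root CA"),  # self-signed: terminates the walk
]

# Constructed sample data: two intermediates that claim to issue each other,
# so the walk from the leaf never reaches a self-signed anchor.
CIRCULAR_CHAIN = [
    ("CN=www.example.test", "CN=Loop CA 1"),
    ("CN=Loop CA 1", "CN=Loop CA 2"),
    ("CN=Loop CA 2", "CN=Loop CA 1"),
]

# Bound chosen for this example; legitimate chains are a handful of
# certificates long, so any small limit is safe.
MAX_DEPTH = 10


def build_chain(leaf_subject, pool, max_depth=MAX_DEPTH):
    """Walk from the leaf toward a self-signed anchor by following issuer names.

    Returns (path, status). status is one of:
      "anchored" - reached a self-signed certificate (the normal outcome)
      "dangling" - the next issuer is not in the pool (incomplete chain)
      "cycle"    - a subject was reached a second time (the CWE-835 trigger)
      "too_deep" - max_depth certificates visited without terminating

    A walker with neither the visited set nor the depth bound loops forever
    on CIRCULAR_CHAIN; either guard alone terminates it, and both are cheap.
    """
    by_subject = {subject: issuer for subject, issuer in pool}
    path = []
    seen = set()
    current = leaf_subject
    while len(path) < max_depth:
        if current not in by_subject:
            return path, "dangling"
        if current in seen:
            return path, "cycle"
        seen.add(current)
        path.append(current)
        issuer = by_subject[current]
        if issuer == current:
            return path, "anchored"
        current = issuer
    return path, "too_deep"


def chain_has_cycle(pool):
    """True if walking from any certificate in the pool revisits a subject.

    Starting from every certificate, not only the leaf, also catches a loop
    among intermediates that the leaf does not happen to reach.
    """
    return any(build_chain(subject, pool)[1] == "cycle" for subject, _ in pool)


def load_pairs_from_pem(pem_bytes):
    """Turn a PEM bundle (e.g. the chain a server sent) into (subject, issuer) pairs.

    Assumes the third-party 'cryptography' package is installed; it is not
    needed for the constructed samples above, hence the lazy import.
    """
    from cryptography import x509

    certs = x509.load_pem_x509_certificates(pem_bytes)
    return [(c.subject.rfc4514_string(), c.issuer.rfc4514_string()) for c in certs]


if __name__ == "__main__":
    for name, pool in (("normal", NORMAL_CHAIN), ("circular", CIRCULAR_CHAIN)):
        path, status = build_chain("CN=www.example.test", pool)
        print(f"{name}: {status} after {len(path)} certificate(s): {' -> '.join(path)}")
```

To run it against a real peer, paste the PEM blocks printed by openssl s_client -showcerts into load_pairs_from_pem and pass the result to chain_has_cycle; a chain that reports "cycle" is exactly the input that makes an unguarded verifier spin.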