CVE-2026-33846
Heap Buffer Overflow in GnuTLS DTLS Fragment Reassembly
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnutls | gnutls | to 3.6.15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap buffer overflow in the DTLS handshake fragment reassembly logic of GnuTLS. It occurs because the function that merges handshake fragments only checks the handshake type but does not verify that the message_length field is consistent across all fragments of the same message. An attacker can send specially crafted DTLS fragments with conflicting message_length values, causing the program to allocate a buffer based on a smaller fragment and then write beyond that buffer when processing larger fragments. This leads to an out-of-bounds write on the heap.
The vulnerability can be exploited remotely without authentication during the DTLS handshake, potentially causing application crashes or memory corruption.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a Denial of Service (DoS) by crashing applications that use GnuTLS for DTLS connections. Because it involves a heap buffer overflow, it may also lead to memory corruption, which could potentially be leveraged for further attacks, although no direct impact on confidentiality or integrity is indicated.
Since the vulnerability is remotely exploitable without authentication, any system using vulnerable versions of GnuTLS is at risk of being disrupted by an attacker sending malicious DTLS handshake fragments.
What immediate steps should I take to mitigate this vulnerability?
Currently, there is no official fix released for this vulnerability.
Since the vulnerability allows remote exploitation via the DTLS handshake, immediate mitigation steps include limiting or blocking DTLS traffic to affected systems where possible to reduce exposure.
Monitoring for unusual crashes or memory corruption in applications using GnuTLS may help detect exploitation attempts.
Stay updated with Red Hat Product Security announcements for patches or updates addressing this issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.