CVE-2026-42015
Received Received - Intake
Off-by-One Error in GnuTLS PKCS#12 Bag Handling

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: Red Hat, Inc.

Description
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-05-27
AI Q&A
2026-05-27
EPSS Evaluated
N/A
NVD
CVE-2026-42015
EUVD
EUVD-2026-32012
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnutls gnutls *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-193 A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an off-by-one error in the PKCS#12 bag element bounds check within gnutls. It allows a remote attacker to write beyond the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements.

This memory corruption issue can lead to a denial of service (DoS) or potentially other unspecified impacts.


How can this vulnerability impact me? :

The primary impact of this vulnerability is the potential for a denial of service (DoS) caused by memory corruption.

There may also be other unspecified impacts due to the memory corruption, but these are not detailed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart