CVE-2026-42015
Awaiting Analysis Awaiting Analysis - Queue
Off-by-One Error in GnuTLS PKCS#12 Bag Handling

Publication date: 2026-05-26

Last updated on: 2026-06-02

Assigner: Red Hat, Inc.

Description
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42015
EUVD
EUVD-2026-32012
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnutls gnutls *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-193 A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an off-by-one error in the PKCS#12 bag element bounds check within gnutls. It allows a remote attacker to write beyond the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements.

This memory corruption issue can lead to a denial of service (DoS) or potentially other unspecified impacts.

Impact Analysis

The primary impact of this vulnerability is the potential for a denial of service (DoS) caused by memory corruption.

There may also be other unspecified impacts due to the memory corruption, but these are not detailed.

Mitigation Strategies

To mitigate this vulnerability, you should apply the security updates provided by Red Hat for GnuTLS.

  • Update Red Hat Enterprise Linux to versions 8, 9, or 10 with the respective security advisories RHSA-2026:20611, RHSA-2026:20612, and RHSA-2026:20613.
  • Ensure that your system packages are up to date to include the fixes that prevent the off-by-one error in PKCS#12 bag handling.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart