Close Menu
    Subscribe
    Alerts

    CVE-2026-33845 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

    PUBLISHED Reserved 2026-03-24 | Published 2026-04-30 | Updated 2026-04-30 | Assigner redhat

    HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Problem types

    Integer Underflow (Wrap or Wraparound)

    Product status

    Default status
    affected    Default status
    affected    Default status
    affected    Default status
    affected    Default status
    affected    Default status
    affected    Default status
    affected

    Timeline

    2026-03-24: Reported to Red Hat.
    2026-04-30: Made public.

    References

    access.redhat.com/security/cve/CVE-2026-33845 vdb-entry

    bugzilla.redhat.com/show_bug.cgi?id=2450624 (RHBZ#2450624) issue-tracking

    cve.org (CVE-2026-33845)

    nvd.nist.gov (CVE-2026-33845)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.