Gnu Gnutls vulnerabilities

CVE-2026-33846 [HIGH] CWE-130 gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_l

CVE-2026-33845 [HIGH] CWE-191 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service. Statement: This issue marked as Important severity

CVE-2026-3833 [MEDIUM] CWE-178 gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf cer

CVE-2026-3832 [LOW] CWE-179 gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP respon

CVE-2026-42013 [HIGH] CWE-1284 gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially le

CVE-2026-42012 [HIGH] CWE-295 gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrec

CVE-2026-42010 [HIGH] gnutls: gnutls: Authentication Bypass via NUL Character in Username gnutls: gnutls: Authentication Bypass via NUL Character in Username A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to ga

CVE-2026-42011 [HIGH] CWE-295 gnutls: gnutls: Security bypass due to incorrect name constraint handling gnutls: gnutls: Security bypass due to incorrect name constraint handling A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could

CVE-2026-5260 [HIGH] CWE-1284 gnutls: gnutls: Information disclosure via heap overread in RSA key exchange gnutls: gnutls: Information disclosure via heap overread in RSA key exchange A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure. Package: gnutls (Red H

CVE-2026-42009 [HIGH] CWE-475 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable

CVE-2026-42015 [MEDIUM] CWE-193 gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of serv

CVE-2026-42014 [MEDIUM] gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin No description is available for this CVE. Package: gnutls (Red Hat Enterprise Linux 10) - Affected Package: gnutls (Red Hat Enterprise Linux 6) - Out of support scope Package: gnutls (Red Hat Enterprise Linux 7) - Affected Package: gnutls (Red Hat Enterprise Linux 8) - Affected Package: gnutls (Red Hat Enterprise Linux 9) - Affected Package: gnutls (R

CVE-2026-5419 [LOW] CWE-208 guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a for

CVE-2025-32988 [HIGH] CWE-415 CVE-2025-32988: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when

CVE-2024-0553 [HIGH] CVE-2024-0553: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKe A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-05

CVE-2024-0567 [HIGH] CWE-347 CVE-2024-0567: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

CVE-2023-5981 [MEDIUM] CWE-208 CVE-2023-5981: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExcha A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVE-2023-0361 [HIGH] CWE-203 CVE-2023-0361: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Th A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the

CVE-2021-4209 [MEDIUM] CWE-476 CVE-2021-4209: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally ca A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVE-2022-2509 [HIGH] CWE-415 CVE-2022-2509: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs du A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.