CVE-2026-33845: Integer Underflow (Wrap or Wraparound) in Red Hat Red Hat Enterprise Linux 10
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
AI Analysis
Technical Summary
This vulnerability arises from a flaw in the GnuTLS DTLS handshake parsing within Red Hat Enterprise Linux 10. Specifically, malformed DTLS fragments with zero length but non-zero offset trigger an integer underflow during the reassembly process, causing an out-of-bounds read. The issue is remotely exploitable without authentication and can lead to denial of service or potential information disclosure. The CVSS v3.1 base score is 7.5, reflecting a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability (denial of service).
Potential Impact
Successful exploitation of this vulnerability can cause denial of service by crashing the affected service or potentially disclose information due to out-of-bounds memory reads. The vulnerability is exploitable remotely without authentication, increasing its risk. However, there are no known exploits in the wild at this time.
Mitigation Recommendations
As of now, there is no official patch or remediation level provided by Red Hat. Patch status is not yet confirmed — users should regularly check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-33845 for updates and apply any official fixes once available. Until then, consider limiting exposure of affected services to untrusted networks if feasible.
CVE-2026-33845: Integer Underflow (Wrap or Wraparound) in Red Hat Red Hat Enterprise Linux 10
Description
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from a flaw in the GnuTLS DTLS handshake parsing within Red Hat Enterprise Linux 10. Specifically, malformed DTLS fragments with zero length but non-zero offset trigger an integer underflow during the reassembly process, causing an out-of-bounds read. The issue is remotely exploitable without authentication and can lead to denial of service or potential information disclosure. The CVSS v3.1 base score is 7.5, reflecting a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability (denial of service).
Potential Impact
Successful exploitation of this vulnerability can cause denial of service by crashing the affected service or potentially disclose information due to out-of-bounds memory reads. The vulnerability is exploitable remotely without authentication, increasing its risk. However, there are no known exploits in the wild at this time.
Mitigation Recommendations
As of now, there is no official patch or remediation level provided by Red Hat. Patch status is not yet confirmed — users should regularly check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-33845 for updates and apply any official fixes once available. Until then, consider limiting exposure of affected services to untrusted networks if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-03-24T05:31:54.914Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-33845","vendor":"Red Hat"}]
Threat ID: 69f3969dcbff5d8610590846
Added to database: 4/30/2026, 5:51:25 PM
Last enriched: 4/30/2026, 6:06:28 PM
Last updated: 5/1/2026, 4:53:38 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.