This vulnerability exists in the GnuTLS library's DTLS handshake fragment reassembly logic, specifically in the merge_handshake_packet() function. The function merges incoming handshake fragments based solely on handshake type and does not validate that the message_length field is consistent across all fragments of the same logical message. An attacker can send malicious DTLS fragments with conflicting message_length values, causing the system to allocate a buffer based on a smaller fragment and then write beyond its bounds when processing larger inconsistent fragments. This results in a heap buffer overflow, which is remotely exploitable without authentication via the DTLS handshake path. The vulnerability can cause application crashes or potential memory corruption. The CVSS v3.1 base score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (denial of service). Red Hat has issued security advisories and updates for GnuTLS packages to address this issue.

The vulnerability allows a remote attacker to cause a heap buffer overflow in the DTLS handshake fragment reassembly process, leading to application crashes or potential memory corruption. This can result in denial of service conditions. There is no indication of confidentiality or integrity impact. Exploitation does not require authentication or user interaction.

Red Hat has released security updates for the GnuTLS packages that fix this vulnerability. Users of Red Hat Enterprise Linux 10 should apply the updated GnuTLS packages as provided in the Red Hat security advisory RHSA-2026:13274. The vendor advisory confirms that a fix is available and should be applied to remediate this issue. No additional mitigations are specified beyond applying the official update.