CVE-2026-42009: Undefined Behavior for Input to API in Red Hat Red Hat Enterprise Linux 10
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
AI Analysis
Technical Summary
This vulnerability affects the DTLS packet reordering mechanism in gnutls on Red Hat Enterprise Linux 10. The comparator function responsible for ordering DTLS packets by sequence numbers does not correctly handle duplicate sequence numbers, which can result in unstable packet ordering or undefined behavior. This flaw can be exploited remotely to cause a denial of service condition. The CVSS 3.1 score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability.
Potential Impact
The impact is a denial of service caused by unstable or undefined behavior in DTLS packet processing. There is no indication of confidentiality or integrity impact. The vulnerability can be exploited remotely without authentication or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-42009 for current remediation guidance. No explicit patch or workaround information is provided in the available advisory content. Users should monitor Red Hat's official channels for updates and apply any released fixes promptly.
CVE-2026-42009: Undefined Behavior for Input to API in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the DTLS packet reordering mechanism in gnutls on Red Hat Enterprise Linux 10. The comparator function responsible for ordering DTLS packets by sequence numbers does not correctly handle duplicate sequence numbers, which can result in unstable packet ordering or undefined behavior. This flaw can be exploited remotely to cause a denial of service condition. The CVSS 3.1 score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability.
Potential Impact
The impact is a denial of service caused by unstable or undefined behavior in DTLS packet processing. There is no indication of confidentiality or integrity impact. The vulnerability can be exploited remotely without authentication or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-42009 for current remediation guidance. No explicit patch or workaround information is provided in the available advisory content. Users should monitor Red Hat's official channels for updates and apply any released fixes promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-23T11:23:46.516Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-42009","vendor":"Red Hat"}]
Threat ID: 6a0b0eecec166c07b0b89835
Added to database: 5/18/2026, 1:06:52 PM
Last enriched: 5/18/2026, 1:21:35 PM
Last updated: 5/20/2026, 7:28:35 PM
Views: 32
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.