CVE-2026-42015: Off-by-one Error in Red Hat Red Hat Enterprise Linux 10
CVE-2026-42015 is an off-by-one error vulnerability in the gnutls library used by Red Hat Enterprise Linux 10. The flaw occurs in the PKCS#12 bag element bounds check, allowing a remote attacker to write past the internal array when appending to a bag that already contains 32 elements. This memory corruption can lead to a denial of service (DoS) or other unspecified impacts. The vulnerability has a medium severity rating with a CVSS score of 5. 3. No known exploits are reported in the wild. Patch status is not confirmed in the available advisory, so users should monitor Red Hat's official advisory for updates.
AI Analysis
Technical Summary
An off-by-one error in the PKCS#12 bag element bounds check within the gnutls library in Red Hat Enterprise Linux 10 allows a remote attacker to write beyond the internal array boundary when appending to a bag containing 32 elements. This memory corruption vulnerability can cause denial of service or potentially other impacts. The CVSS 3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. The vendor advisory does not specify a remediation level or patch availability at this time.
Potential Impact
The vulnerability enables a remote attacker to cause memory corruption by writing past the bounds of an internal array in the PKCS#12 bag structure. This can result in denial of service conditions or potentially other unspecified impacts. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-42015 for current remediation guidance. Until a patch or official fix is available, monitor vendor communications for updates. No vendor advisory content indicates that no action is required or that the issue is already mitigated.
CVE-2026-42015: Off-by-one Error in Red Hat Red Hat Enterprise Linux 10
Description
CVE-2026-42015 is an off-by-one error vulnerability in the gnutls library used by Red Hat Enterprise Linux 10. The flaw occurs in the PKCS#12 bag element bounds check, allowing a remote attacker to write past the internal array when appending to a bag that already contains 32 elements. This memory corruption can lead to a denial of service (DoS) or other unspecified impacts. The vulnerability has a medium severity rating with a CVSS score of 5. 3. No known exploits are reported in the wild. Patch status is not confirmed in the available advisory, so users should monitor Red Hat's official advisory for updates.
CVSS v3.1
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An off-by-one error in the PKCS#12 bag element bounds check within the gnutls library in Red Hat Enterprise Linux 10 allows a remote attacker to write beyond the internal array boundary when appending to a bag containing 32 elements. This memory corruption vulnerability can cause denial of service or potentially other impacts. The CVSS 3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. The vendor advisory does not specify a remediation level or patch availability at this time.
Potential Impact
The vulnerability enables a remote attacker to cause memory corruption by writing past the bounds of an internal array in the PKCS#12 bag structure. This can result in denial of service conditions or potentially other unspecified impacts. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-42015 for current remediation guidance. Until a patch or official fix is available, monitor vendor communications for updates. No vendor advisory content indicates that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-23T11:23:46.517Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-42015","vendor":"Red Hat"}]
Threat ID: 6a161534e29bf47b506c5224
Added to database: 5/26/2026, 9:48:36 PM
Last enriched: 5/26/2026, 10:05:09 PM
Last updated: 5/26/2026, 11:02:02 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.