Threats Tagged 'cve-2026-33845'

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009) * gnutls: Fix crashing on an underflow with a DTLS datagram (CVE-2026-33845) * gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010) * gnutls: Fix case-sensitivity of domain name comparison in name constraints (CVE-2026-3833) * gnutls: Fix intersecting empty name constraints (CVE-2026-42011) * gnutls: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly (CVE-2026-33846) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). - CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). - CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708).

Please update the gnutls packages to provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Add more checks to DTLS reassembly (CVE-2026-33846) * gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009) * gnutls: Fix crashing on an underflow with a DTLS datagram (CVE-2026-33845) * gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010) * gnutls: Fix case-sensitivity of domain name comparison in name constraints (CVE-2026-3833) * gnutls: Fix intersecting empty constraints (CVE-2026-42011) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). - CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). - CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708).

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.