Threats Tagged 'cve-2026-33846'

Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version.

GnuTLS (GNU Transport Layer Security Library) ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Please update the gnutls packages to provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Add more checks to DTLS reassembly (CVE-2026-33846) * gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009) * gnutls: Fix crashing on an underflow with a DTLS datagram (CVE-2026-33845) * gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010) * gnutls: Fix case-sensitivity of domain name comparison in name constraints (CVE-2026-3833) * gnutls: Fix intersecting empty constraints (CVE-2026-42011) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 (see References) Security Fixes: * rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158) * gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820) * gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831) * openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497) * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135) * libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) * libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) Users of RHEL-8 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References).

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.