GnuTLS Vulnerability in DTLS Handshake Parsing Affects Red Hat
CVE-2026-33845

7.5 HIGH

What is CVE-2026-33845?

A flaw in GnuTLS's DTLS handshake parsing permits malformed fragments that have a zero length and a non-zero offset. Such a fragment causes an integer underflow during reassembly, which may trigger an out-of-bounds read. The flaw can be exploited remotely and may result in information disclosure or denial of service. GnuTLS users should stay informed about this vulnerability and apply the necessary patches or updates.
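The kind of header validation a DTLS reassembler needs before it does arithmetic on fragment fields, as an added example that is not GnuTLS code and does not reproduce its fix. The header layout follows RFC 6347; `check_fragment`, the status names, the sample byte arrays and the policy of dropping empty fragments at a non-zero offset are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* DTLS handshake header, RFC 6347 section 4.2.2 (12 bytes):
 * msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) */
#define DTLS_HS_HDR_LEN 12

enum frag_status { FRAG_OK, FRAG_TRUNCATED, FRAG_EMPTY_AT_OFFSET,
                   FRAG_PAST_MESSAGE_END, FRAG_BODY_MISSING };

struct dtls_frag { uint32_t msg_len, frag_off, frag_len; };

/* Read a 24-bit big-endian field. */
static uint32_t be24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Hypothetical helper (not a GnuTLS function): validate one fragment header
 * before any reassembly arithmetic touches its fields. */
enum frag_status check_fragment(const uint8_t *buf, size_t n, struct dtls_frag *out)
{
    if (n < DTLS_HS_HDR_LEN)
        return FRAG_TRUNCATED;
    out->msg_len  = be24(buf + 1);
    out->frag_off = be24(buf + 6);
    out->frag_len = be24(buf + 9);

    /* Policy assumed here: an empty fragment at a non-zero offset carries
     * no data, so drop it instead of passing it to the reassembler. */
    if (out->frag_len == 0 && out->frag_off != 0)
        return FRAG_EMPTY_AT_OFFSET;
    /* Compare by subtraction, guarded by frag_off <= msg_len, so no
     * unsigned expression can wrap. */
    if (out->frag_off > out->msg_len || out->frag_len > out->msg_len - out->frag_off)
        return FRAG_PAST_MESSAGE_END;
    /* The datagram must actually contain the bytes the header claims. */
    if (out->frag_len > n - DTLS_HS_HDR_LEN)
        return FRAG_BODY_MISSING;
    return FRAG_OK;
}

/* Constructed sample headers (not captured traffic). */
const uint8_t sample_ok[20] = { 1, 0,0,16, 0,0, 0,0,0, 0,0,8 };              /* off 0, len 8, 8 body bytes */
const uint8_t sample_empty_at_offset[12] = { 1, 0,0,16, 0,0, 0,0,8, 0,0,0 }; /* off 8, len 0 */
const uint8_t sample_past_end[20] = { 1, 0,0,16, 0,0, 0,0,12, 0,0,8 };       /* off 12 + len 8 > 16 */
const uint8_t sample_empty_msg[12] = { 14, 0,0,0, 0,0, 0,0,0, 0,0,0 };       /* zero-length message */
```

A zero-length message at offset 0 (`sample_empty_msg`) stays valid; only the empty fragment at a non-zero offset is rejected.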

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
