Heap Buffer Overflow Vulnerability in GnuTLS DTLS Handshake Process
CVE-2026-33846
Key Information:
- Vendor
Red Hat
- Status
- Vendor
- CVE Published:
- 4 May 2026
What is CVE-2026-33846?
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. This issue originates from the merge_handshake_packet() function, where the handling of incoming handshake fragments is compromised. The logic relies solely on the handshake type for matching and merging fragments, neglecting to validate the consistency of the message_length field across all fragments that belong to a single logical message. As a result, an attacker can exploit this flaw by sending specially crafted DTLS fragments with conflicting message_length values. This can lead to a scenario where the implementation allocates a buffer based on a smaller initial fragment but subsequently writes beyond this buffer's bounds using larger, inconsistent fragments. The lack of proper bounds checking during the merge operation can cause out-of-bounds writes on the heap, which may lead to application crashes or memory corruption. This vulnerability can be exploited remotely and does not require authentication, creating a significant risk for affected implementations.
Affected Version(s)
Red Hat Enterprise Linux 10 0:3.8.10-4.el10_2
Red Hat Enterprise Linux 8 0:3.6.16-8.el8_10.6
Red Hat Enterprise Linux 8 0:3.6.16-8.el8_10.6