Gnutls

A vulnerability in gnutls (CVE-2026-42013) allows a remote attacker to bypass certificate validation by providing an oversized Subject Alternative Name (SAN), causing the validation process to fall back to the Common Name (CN) field, potentially leading to spoofing or man-in-the-middle attacks.

CVE-2026-42012 describes a vulnerability in GnuTLS where a remote attacker can spoof legitimate services or intercept sensitive information by presenting a specially crafted certificate with URI or SRV SANs, causing the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN).

A remote attacker could exploit a flaw in GnuTLS's DTLS packet reordering logic (CVE-2026-42009) to cause unstable packet ordering or undefined behavior, resulting in a denial of service.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

A vulnerability in GNUTLS (CVE-2026-42010) allows a remote attacker to bypass authentication on servers configured with RSA-PSK by sending a specially crafted username containing a NUL character, leading to unauthorized access.

A heap buffer overflow vulnerability, CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS, allowing unauthenticated remote attackers to cause application crashes or potential memory corruption by sending crafted DTLS fragments with conflicting message lengths.