{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/gnutls/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-33845"}],"_cs_exploited":false,"_cs_products":["GnuTLS"],"_cs_severities":["high"],"_cs_tags":["cve","denial-of-service","information-disclosure","gnutls"],"_cs_type":"advisory","_cs_vendors":["Red Hat","GnuTLS"],"content_html":"\u003cp\u003eCVE-2026-33845 describes a vulnerability in the GnuTLS library related to the parsing of DTLS handshake fragments. The vulnerability stems from improper handling of malformed fragments that have a zero length but a non-zero offset. This leads to an integer underflow during the reassembly process, which then triggers an out-of-bounds read. The vulnerability is remotely exploitable, meaning an attacker could potentially trigger it without needing local access. Successful exploitation can lead to information disclosure or a denial-of-service condition. The affected component is the GnuTLS library, which is used by various applications for secure communication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious DTLS handshake fragment with a zero length and non-zero offset.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malformed DTLS handshake fragment to a vulnerable GnuTLS server.\u003c/li\u003e\n\u003cli\u003eThe GnuTLS library receives the fragment and begins the reassembly process.\u003c/li\u003e\n\u003cli\u003eThe integer underflow occurs when calculating the correct offset for the fragment reassembly.\u003c/li\u003e\n\u003cli\u003eThe integer underflow leads to an out-of-bounds memory read operation.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds read allows the attacker to potentially read sensitive information from the server\u0026rsquo;s memory.\u003c/li\u003e\n\u003cli\u003eAlternatively, the out-of-bounds read may cause the server to crash, resulting in a denial-of-service.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves either information disclosure or denial-of-service based on the server\u0026rsquo;s response to the out-of-bounds read.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33845 can lead to a denial-of-service condition, impacting the availability of services relying on the vulnerable GnuTLS library. The out-of-bounds read can also potentially expose sensitive information from the server\u0026rsquo;s memory, leading to data breaches. Given the widespread use of GnuTLS in various applications, a successful widespread attack could affect numerous organizations and users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches for GnuTLS provided by Red Hat or other vendors to address CVE-2026-33845.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for malformed DTLS handshake fragments with zero length and non-zero offset that may indicate exploitation attempts targeting CVE-2026-33845.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetectGnuTLSDTLSMalformedFragment\u003c/code\u003e to identify suspicious network connections associated with the vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T18:16:28Z","date_published":"2026-04-30T18:16:28Z","id":"/briefs/2026-04-gnutls-dtls-flaw/","summary":"A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.","title":"GnuTLS DTLS Handshake Parsing Flaw (CVE-2026-33845)","url":"https://feed.craftedsignal.io/briefs/2026-04-gnutls-dtls-flaw/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-33846"}],"_cs_exploited":false,"_cs_products":["GnuTLS"],"_cs_severities":["high"],"_cs_tags":["cve-2026-33846","dtls","heap overflow","gnutls","network"],"_cs_type":"advisory","_cs_vendors":["GnuTLS"],"content_html":"\u003cp\u003eA heap buffer overflow vulnerability has been identified in the DTLS handshake fragment reassembly logic of GnuTLS. The vulnerability, tracked as CVE-2026-33846, resides within the \u003ccode\u003emerge_handshake_packet()\u003c/code\u003e function. This function is responsible for matching and merging incoming DTLS handshake fragments. The core issue is the lack of validation for the \u003ccode\u003emessage_length\u003c/code\u003e field across different fragments belonging to the same logical message. An attacker can exploit this flaw by transmitting malicious DTLS fragments that contain inconsistent \u003ccode\u003emessage_length\u003c/code\u003e values. This inconsistency leads the GnuTLS implementation to allocate a buffer based on a smaller, initial fragment but subsequently attempts to write data beyond the allocated buffer\u0026rsquo;s boundaries using the larger, conflicting fragments. This out-of-bounds write on the heap can be triggered remotely without requiring any form of authentication, making it a critical vulnerability. Successful exploitation can lead to application crashes or, potentially, arbitrary memory corruption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker initiates a DTLS handshake with a vulnerable GnuTLS server.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a first DTLS handshake fragment with a small \u003ccode\u003emessage_length\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003emerge_handshake_packet()\u003c/code\u003e function allocates a heap buffer based on the initial, smaller \u003ccode\u003emessage_length\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker sends a subsequent DTLS handshake fragment for the same handshake message with a larger, inconsistent \u003ccode\u003emessage_length\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emerge_handshake_packet()\u003c/code\u003e incorrectly merges the second fragment into the allocated buffer without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe write operation overflows the allocated heap buffer, corrupting adjacent memory.\u003c/li\u003e\n\u003cli\u003eThe application crashes due to memory corruption, or the attacker potentially gains further control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33846 can lead to denial-of-service conditions due to application crashes. Memory corruption could allow for arbitrary code execution, but this is a less likely outcome. Given the widespread use of GnuTLS in various applications and systems, a large number of services could be impacted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for DTLS handshakes with inconsistent \u003ccode\u003emessage_length\u003c/code\u003e values in fragmented handshake messages using the provided Sigma rule \u003ccode\u003eDetect DTLS Handshake Fragment Length Mismatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply available patches from GnuTLS to remediate CVE-2026-33846.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for DTLS handshake requests to mitigate potential denial-of-service attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-gnutls-dtls-overflow/","summary":"A heap buffer overflow vulnerability, CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS, allowing unauthenticated remote attackers to cause application crashes or potential memory corruption by sending crafted DTLS fragments with conflicting message lengths.","title":"GnuTLS DTLS Handshake Heap Overflow Vulnerability (CVE-2026-33846)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-gnutls-dtls-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — GnuTLS","version":"https://jsonfeed.org/version/1.1"}