{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/certificate-overflow/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Mod_gnutls"],"_cs_severities":["medium"],"_cs_tags":["mod_gnutls","apache","tls","certificate-overflow","cve-2026-33307","denial-of-service"],"_cs_type":"advisory","_cs_vendors":["GnuTLS"],"content_html":"\u003cp\u003eA vulnerability exists in Mod_gnutls, a TLS module for Apache HTTPD, specifically affecting versions prior to 0.12.3 and 0.13.0. The flaw, identified as CVE-2026-33307, stems from the improper handling of client certificate verification. When a client presents a certificate chain, the module imports this chain into a fixed-size array without adequately checking if the number of certificates exceeds the array's capacity. Although the vulnerability doesn't directly permit writing attacker-controlled data into the stack buffer, exceeding the buffer size can trigger a segfault or, theoretically, cause stack corruption. This issue primarily impacts server configurations that actively utilize client certificates for authentication (i.e., configurations where \u003ccode\u003eGnuTLSClientVerify ignore\u003c/code\u003e is not set). The vulnerability has been addressed in Mod_gnutls versions 0.12.3 and 0.13.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker initiates a TLS connection to an Apache HTTPD server using mod_gnutls.\u003c/li\u003e\n\u003cli\u003eThe server is configured to require or request client certificates for authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious certificate chain containing more certificates than the server's buffer can hold.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted certificate chain to the server during the TLS handshake.\u003c/li\u003e\n\u003cli\u003eMod_gnutls attempts to import the oversized certificate chain into the fixed-size \u003ccode\u003egnutls_x509_crt_t x509[]\u003c/code\u003e array.\u003c/li\u003e\n\u003cli\u003eDue to the missing size check, the import operation writes beyond the boundaries of the array.\u003c/li\u003e\n\u003cli\u003eThis out-of-bounds write triggers a segmentation fault, causing the Apache HTTPD worker process to crash.\u003c/li\u003e\n\u003cli\u003eAlternatively, in some theoretical scenarios, stack corruption could occur, potentially leading to arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-33307) can lead to a denial-of-service (DoS) condition, as the Apache HTTPD worker process crashes when processing the malicious certificate chain. This impacts servers configured to use client certificate authentication, potentially disrupting services for legitimate users. While widespread exploitation has not been reported, the CVSS v3.1 score of 7.5 indicates a significant risk, especially for systems relying on client certificate authentication.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Mod_gnutls to version 0.12.3 or 0.13.0 to remediate the vulnerability (CVE-2026-33307).\u003c/li\u003e\n\u003cli\u003eFor users of Mod_gnutls 0.12.x who cannot immediately upgrade to 0.13.0, apply version 0.12.3, which provides the minimal fix.\u003c/li\u003e\n\u003cli\u003eMonitor Apache HTTPD server logs for crashes related to mod_gnutls and client certificate verification.\u003c/li\u003e\n\u003cli\u003eConsider temporarily disabling client certificate authentication if immediate patching is not feasible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-02-mod-gnutls-cert-overflow/","summary":"Mod_gnutls versions prior to 0.12.3 and 0.13.0 are vulnerable to a certificate chain overflow when verifying client certificates, potentially leading to a segfault or stack corruption.","title":"Mod_gnutls Certificate Chain Overflow Vulnerability (CVE-2026-33307)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-mod-gnutls-cert-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Certificate-Overflow","version":"https://jsonfeed.org/version/1.1"}