{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-1584/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-1584"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-1584","denial-of-service","gnutls"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-1584 is a vulnerability found in the gnutls library, a widely used implementation of the TLS protocol. This vulnerability allows an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on a server utilizing a vulnerable version of gnutls. The attack involves sending a specially crafted TLS ClientHello message containing an invalid Pre-Shared Key (PSK) binder value. This malformed message triggers a NULL pointer dereference within the gnutls library, leading to a server crash. The vulnerability was reported on April 9, 2026, and affects systems using gnutls for TLS communication. This vulnerability poses a significant risk to services relying on gnutls for secure communication, potentially disrupting availability and impacting users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a server utilizing a vulnerable version of gnutls.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a TLS ClientHello message.\u003c/li\u003e\n\u003cli\u003eAttacker modifies the ClientHello message to include an invalid Pre-Shared Key (PSK) binder value.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted ClientHello message to the target server.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s gnutls library processes the malformed ClientHello message.\u003c/li\u003e\n\u003cli\u003eDue to the invalid PSK binder, a NULL pointer dereference occurs within gnutls.\u003c/li\u003e\n\u003cli\u003eThe NULL pointer dereference causes the gnutls process to crash.\u003c/li\u003e\n\u003cli\u003eThe server becomes unavailable, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-1584 leads to a denial-of-service condition, rendering the affected server unavailable. The impact is service disruption for any application relying on the vulnerable gnutls instance. There is no specific victim count available; however, any server using a vulnerable version of gnutls is susceptible. The vulnerable software is used across multiple sectors, including web servers, mail servers, and VPN gateways. A successful attack disrupts TLS communication, preventing users from accessing services.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for malformed TLS ClientHello messages containing invalid PSK binder values to detect potential exploitation attempts. (See Sigma rule \u0026ldquo;Detect Malformed TLS ClientHello with Invalid PSK Binder\u0026rdquo;)\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of gnutls that addresses CVE-2026-1584 to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on TLS connections to mitigate the impact of DoS attacks.\u003c/li\u003e\n\u003cli\u003eEnable verbose logging on TLS connections to aid in the detection and analysis of exploitation attempts (e.g., webserver logs).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T18:16:44Z","date_published":"2026-04-09T18:16:44Z","id":"/briefs/2026-04-gnutls-dos/","summary":"A remote, unauthenticated attacker can exploit CVE-2026-1584 in gnutls by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake, leading to a NULL pointer dereference and a denial-of-service condition.","title":"GNUTLS Denial of Service via Malformed ClientHello (CVE-2026-1584)","url":"https://feed.craftedsignal.io/briefs/2026-04-gnutls-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-1584","version":"https://jsonfeed.org/version/1.1"}