GnuTLS

CVE-2026-42012 describes a vulnerability in GnuTLS where a remote attacker can spoof legitimate services or intercept sensitive information by presenting a specially crafted certificate with URI or SRV SANs, causing the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN).

A remote attacker could exploit a flaw in GnuTLS's DTLS packet reordering logic (CVE-2026-42009) to cause unstable packet ordering or undefined behavior, resulting in a denial of service.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

A heap buffer overflow vulnerability, CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS, allowing unauthenticated remote attackers to cause application crashes or potential memory corruption by sending crafted DTLS fragments with conflicting message lengths.