Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-33845PATCHED

Red Hat · Red Hat Enterprise Linux 10

Gnutls: gnutls: denial of service via dtls zero-length fragment

Description

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 10	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
red hat	red hat enterprise linux	mitre_affected	90%
red hat	red hat openshift container	mitre_affected	90%
red hat	red hat hardened images	mitre_affected	90%

References

https://access.redhat.com/errata/RHSA-2026:13274(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2026-33845(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2450624(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB3d ago

CVE-2026-33845 | GnuTLS DTLS Handshake integer underflow

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available

3.8.13-1.hum1

CWECWE-191

PublishedApr 30, 2026

Last enriched3d agov2

Trending Score18

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-6266EXP

Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

NONECVE-2026-7500EXP

Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

NONECVE-2026-33846EXP

Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

Multiple Denial of Service Vulnerabilities in Red Hat OpenShift Container Platform

NONECVE-2026-2625

Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 30, 2026

Discovered by ZDM

Apr 30, 2026

Updated: cvssEstimate

Apr 30, 2026

Patch Available

May 4, 2026

Version History

v2

Last enriched 3d ago

v2Tier C3d ago

Updated description with more technical detail, changed severity to HIGH, and set CVSS estimate to 7.5.

cvssEstimate

via VulDB

v13d ago

Initial creation