Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-33846EXPLOITEDPATCHED

red hat · red hat enterprise linux

Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

Description

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/errata/RHSA-2026:13274(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2026-33846(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2450625(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-33846 | GnuTLS DTLS Handshake Fragment Reassembly merge_handshake_packet message_length length parameter

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

3.8.13-1.hum1

CWECWE-130

PublishedMay 4, 2026

Last enriched2h agov2

Trending Score50

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-7500EXP

Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

Multiple Denial of Service Vulnerabilities in Red Hat OpenShift Container Platform

NONECVE-2026-2625

Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification

NONECVE-2026-33845

Gnutls: gnutls: denial of service via dtls zero-length fragment

NONECVE-2026-7309

Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 4, 2026

Discovered by ZDM

May 4, 2026

Updated: description, activelyExploited

May 4, 2026

Actively Exploited

May 4, 2026

Patch Available

May 4, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated vendor to GnuTLS, product to DTLS Handshake Fragment Reassembly Handler, and marked the vulnerability as actively exploited.

descriptionactivelyExploited

via VulDB

v15h ago

Initial creation