Vulnerability CVE-2026-33846: Information

Description

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33846
Published: May 4, 2026
Modified: May 4, 2026
Error type identifier: CWE-130

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gnutls30sisyphus3.8.13-alt13.8.13-alt1ALT-PU-2026-7123-1417120Fixed
gnutls30p113.8.13-alt13.8.13-alt1ALT-PU-2026-7127-2417121Fixed
gnutls30p103.6.16-alt113.6.16-alt10ALT-PU-2026-7344-1417556Testing
gnutls30c10f23.6.16-alt113.6.16-alt10ALT-PU-2026-7348-1417557Testing

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/errata/RHSA-2026:13274
    https://access.redhat.com/security/cve/CVE-2026-33846
      https://bugzilla.redhat.com/show_bug.cgi?id=2450625
        VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
        Version: v26.2.2
        Back to top