Vulnerability CVE-2026-3832: Information
Description
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
Severity: LOW (3.7)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Fixed packages
| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| gnutls30 | sisyphus | 3.8.13-alt1 | 3.8.13-alt1 | ALT-PU-2026-7123-1 | 417120 | Fixed |
| gnutls30 | sisyphus_e2k | 3.8.13-alt1 | 3.8.13-alt1 | ALT-PU-2026-7620-1 | - | Fixed |
| gnutls30 | sisyphus_riscv64 | 3.8.13-alt1 | 3.8.13-alt1 | ALT-PU-2026-7535-1 | - | Fixed |
| gnutls30 | sisyphus_loongarch64 | 3.8.13-alt1 | 3.8.13-alt1 | ALT-PU-2026-7498-1 | - | Fixed |
| gnutls30 | p11 | 3.8.13-alt1 | 3.8.13-alt1 | ALT-PU-2026-7127-2 | 417121 | Fixed |
References to Advisories, Solutions, and Tools
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:13274 | |
| https://access.redhat.com/security/cve/CVE-2026-3832 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445762 | |
| https://gitlab.com/gnutls/gnutls/-/issues/1801 | |