
118 matches found

OSV
added 2026/05/20 12:57 p.m. | 3 views

USN-8284-1 gnutls28 vulnerabilities

Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. CVE-2026-33845 Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered th...

CVSS 9.8 | AI score 6.1 | EPSS 0.00486
Exploits: 2 | References: 14

OSV
added 2026/05/08 11:48 a.m. | 3 views

CLSA-2026-1778240890 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake parsing integer underflow leading to OOB read...

CVSS 9.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

OSV
added 2026/05/08 11:25 a.m. | 3 views

CLSA-2026-1778239503 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake parsing integer underflow leading to OOB read...

CVSS 9.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

OSV
added 2026/05/08 11:18 a.m. | 5 views

CLSA-2026-1778238907 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake fragment reassembly integer underflow and heap overrun by tracking fraglength instead of endoffset...

CVSS 9.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/04 9:8 a.m. | 3 views

CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

CVSS 7.5 | AI score 6.1 | EPSS 0.00089
Exploits: 0 | References: 7

SUSE CVE
added 2026/05/01 2:4 a.m. | 6 views

SUSE CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

CVSS 8.2 | AI score 5.3 | EPSS 0.001
Exploits: 0 | References: 11

NVD
added 2026/04/30 6:16 p.m. | 2 views

CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

CVSS 9.1 | EPSS 0.001
Exploits: 0 | References: 6

OSV
added 2026/04/30 6:16 p.m. | 1 views

ALPINE-CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

CVSS 9.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

CNNVD
added 2026/04/30 12:0 a.m. | 6 views

Red Hat Enterprise Linux Numeric Error Vulnerability

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a numerical error vulnerability. This vulnerability stems from the allowed use of zero-length and non-zero offset fragments during DTLS handshake parsing. This...

CVSS 9.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : java-11-openjdk-11.0.18.0.10-2.el8 (AXSA:2023-4810:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4810:01 advisory. OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742...

CVSS 5.3 | AI score 8.4 | EPSS 0.00104
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : java-17-openjdk-17.0.6.0.10-3.el8 (AXSA:2023-4811:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4811:01 advisory. OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742...

CVSS 5.3 | AI score 6.6 | EPSS 0.00104
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 3 : openssl-0.9.8e-27.AXS3.4 (AXSA:2014-495:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-495:03 advisory. Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and...

CVSS 5 | AI score 7.3 | EPSS 0.82097
Exploits: 0 | References: 6

SUSE CVE
added 2025/11/25 12:23 a.m. | 2 views

SUSE CVE-2025-65497

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 3

SUSE CVE
added 2025/11/25 12:23 a.m. | 2 views

SUSE CVE-2025-65498

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 3

SUSE CVE
added 2025/11/25 12:23 a.m. | 3 views

SUSE CVE-2025-65499

Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetexdataX509STORECTXidx to return -1...

CVSS 4.3 | AI score 6.8 | EPSS 0.00142
Exploits: 0 | References: 3

SUSE CVE
added 2025/11/25 12:23 a.m. | 2 views

SUSE CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 3

EUVD
added 2025/11/24 3:30 p.m. | 1 views

EUVD-2025-198713

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 6.1 | EPSS 0.00143
Exploits: 0 | References: 3

EUVD
added 2025/11/24 3:30 p.m. | 2 views

EUVD-2025-198706

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

CVSS 4.3 | AI score 6.2 | EPSS 0.00143
Exploits: 0 | References: 3

EUVD
added 2025/11/24 3:30 p.m. | 2 views

EUVD-2025-198711

Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetexdataX509STORECTXidx to return -1...

CVSS 4.3 | AI score 6.2 | EPSS 0.00142
Exploits: 0 | References: 3

Snyk
added 2025/11/24 2:40 p.m. | 2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the coapdtlsgeneratecookie function. An attacker can cause a crash of the application by sending a specially crafted DTLS handshake that results in SSLgetSSLCTX returning NULL. Remediation Upgrade libcoap to...

CVSS 7.1 | AI score 5.7 | EPSS 0.00143
Exploits: 0 | References: 2