CVE-2026-33845

· NIST NVD ↗

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-30
Published

CWE codes

CWE-191

Affected products

gnu:gnutlsredhat:openshift_container_platformredhat:enterprise_linux

Sources