RHSA-2026:34372
Vulnerability from csaf_redhat - Published: 2026-07-01 18:54 - Updated: 2026-07-02 12:42A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64 | — |
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390 | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64 | — |
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686 | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64 | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390 | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x | — | ||
| Unresolved product id: 7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gnutls is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment (CVE-2026-33845)\n\n* gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly (CVE-2026-33846)\n\n* gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34372",
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34372.json"
}
],
"title": "Red Hat Security Advisory: gnutls security update",
"tracking": {
"current_release_date": "2026-07-02T12:42:23+00:00",
"generator": {
"date": "2026-07-02T12:42:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:34372",
"initial_release_date": "2026-07-01T18:54:19+00:00",
"revision_history": [
{
"date": "2026-07-01T18:54:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T18:54:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T12:42:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils@3.3.29-9.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.s390",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.s390",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.src",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.src",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils@3.3.29-9.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-utils-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils@3.3.29-9.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.i686",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.i686",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"product": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"product_id": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.3.29-9.el7_9.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64"
},
"product_reference": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le"
},
"product_reference": "gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x"
},
"product_reference": "gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.3.29-9.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
},
"product_reference": "gnutls-utils-0:3.3.29-9.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"known_not_affected": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"known_not_affected": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"known_not_affected": [
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.src",
"7Server-ELS:gnutls-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-c++-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-dane-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-debuginfo-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.i686",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-devel-0:3.3.29-9.el7_9.1.x86_64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.ppc64le",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.s390x",
"7Server-ELS:gnutls-utils-0:3.3.29-9.el7_9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.