
Debian DLA-4595-1 gnutls28 Important Info Disclosure Denial of Service

Debian LTS
May 22, 2026
Critical vulnerabilities found in gnutls28 may lead to service disruptions, information leaks, and execution of arbitrary code.
Multiple vulnerabilities were found in GnuTLS, a portable library which implements the Transport Layer Security and Datagram Transport Layer Security protocols, which may lead to c...

Summary

CVE-2026-3833

Oleh Konko and Joshua Rogers independently discovered that domain
name comparison during name constraints processing was
case-sensitive, thereby violating RFC 5280 § 7.2. For excluded name
constraints, this could lead to incorrectly accepting domain names
that should've been rejected.
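To make the RFC 5280 § 7.2 point concrete, here is an added example (not GnuTLS code, written for this page) of dNSName name-constraint matching with a `case_insensitive` switch. The matcher, the constraint lists and the sample names are all constructed for illustration; the switch exists only so the case-sensitive behaviour described above can be compared side by side with the correct, case-insensitive one.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compare two ASCII DNS name fragments. RFC 5280 section 7.2 requires
 * case-insensitive comparison; the flag lets us show the effect of getting
 * this wrong. (Hypothetical helper, not part of GnuTLS.) */
static bool dns_eq(const char *a, const char *b, size_t len, bool case_insensitive)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char x = (unsigned char)a[i], y = (unsigned char)b[i];
        if (case_insensitive) { x = (unsigned char)tolower(x); y = (unsigned char)tolower(y); }
        if (x != y) return false;
    }
    return true;
}

/* RFC 5280 section 4.2.1.10: a dNSName constraint is satisfied by the name
 * itself and by any name formed by adding labels on the left, so
 * "example.com" covers "example.com" and "www.example.com" but not
 * "notexample.com". The match must therefore end at a label boundary. */
bool dns_name_matches_constraint(const char *name, const char *constraint,
                                 bool case_insensitive)
{
    size_t nlen = strlen(name), clen = strlen(constraint);
    if (clen == 0 || clen > nlen) return false;
    size_t off = nlen - clen;
    if (!dns_eq(name + off, constraint, clen, case_insensitive)) return false;
    return off == 0 || name[off - 1] == '.';
}

typedef enum { NC_ACCEPT, NC_REJECT } nc_result;

/* Apply excluded subtrees first (any hit rejects), then permitted subtrees
 * (if any are present, the name must fall inside one of them). */
nc_result check_dns_name_constraints(const char *name,
                                     const char *const *permitted, size_t n_permitted,
                                     const char *const *excluded, size_t n_excluded,
                                     bool case_insensitive)
{
    for (size_t i = 0; i < n_excluded; i++)
        if (dns_name_matches_constraint(name, excluded[i], case_insensitive))
            return NC_REJECT;
    if (n_permitted == 0) return NC_ACCEPT;
    for (size_t i = 0; i < n_permitted; i++)
        if (dns_name_matches_constraint(name, permitted[i], case_insensitive))
            return NC_ACCEPT;
    return NC_REJECT;
}

int main(void)
{
    /* Constructed sample: an excluded subtree and a name that differs only in case. */
    const char *const excluded[] = { "example.com" };
    const char *name = "www.EXAMPLE.com";
    printf("case-sensitive:   %s\n",
           check_dns_name_constraints(name, NULL, 0, excluded, 1, false) == NC_REJECT ? "reject" : "accept");
    printf("case-insensitive: %s\n",
           check_dns_name_constraints(name, NULL, 0, excluded, 1, true) == NC_REJECT ? "reject" : "accept");
    return 0;
}
```

With the switch off, the excluded-subtree check lets `www.EXAMPLE.com` through even though `example.com` is excluded; with case-insensitive comparison it is rejected, which is the behaviour RFC 5280 requires. Production validators should normalise case once, at parse time, rather than carrying a flag like this one.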

CVE-2026-5260

Joshua Rogers discovered that for a server using an RSA key backed
by a PKCS#11 token, a client sending an extremely short premaster
secret during an RSA key exchange could trigger a short heap
overread.

CVE-2026-33845

Joshua Rogers discovered a remotely triggerable underflow in the DTLS
reassembly code leading to a heap overrun.

CVE-2026-33846

Haruto Kimura, Oscar Reparaz and Zou Dikai independently discovered
that GnuTLS failed to properly check that DTLS fragments claimed a
consistent message_length value, and that a bound check on the
array was missing, enabling an attacker to cause a heap overwrite.
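The two DTLS entries above (CVE-2026-33845 and CVE-2026-33846) both come down to validating the handshake fragment header before copying into the reassembly buffer. The following added example, written for this page and not taken from GnuTLS, shows a defensive reassembler that rejects a fragment whose `message_length` disagrees with earlier fragments of the same message, whose `fragment_offset + fragment_length` exceeds the message, or whose claimed `fragment_length` is longer than the record that carries it. The 12-byte header layout is the standard DTLS handshake fragment header; the buffer size cap, the struct names and the sample fragments are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DTLS_HS_HDR_LEN 12
#define MAX_HS_MSG 4096   /* hypothetical cap on a reassembled handshake message */

/* DTLS handshake fragment header fields (RFC 6347 section 4.2.2 layout). */
typedef struct {
    uint8_t  msg_type;
    uint32_t message_length;   /* 24-bit on the wire */
    uint16_t message_seq;
    uint32_t fragment_offset;  /* 24-bit on the wire */
    uint32_t fragment_length;  /* 24-bit on the wire */
} dtls_hs_frag_hdr;

/* Reassembly state for one in-flight handshake message. */
typedef struct {
    bool     started;
    uint8_t  msg_type;
    uint16_t message_seq;
    uint32_t message_length;
    uint32_t received;          /* distinct bytes received so far */
    uint8_t  have[MAX_HS_MSG];  /* 1 where a byte has arrived */
    uint8_t  data[MAX_HS_MSG];
} dtls_hs_reassembly;

static uint32_t rd24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }
static void wr24(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v; }

/* Parse the header and verify the record really contains the claimed fragment body. */
bool dtls_parse_frag_hdr(const uint8_t *rec, size_t rec_len, dtls_hs_frag_hdr *h)
{
    if (rec_len < DTLS_HS_HDR_LEN) return false;
    h->msg_type        = rec[0];
    h->message_length  = rd24(rec + 1);
    h->message_seq     = (uint16_t)(((uint16_t)rec[4] << 8) | rec[5]);
    h->fragment_offset = rd24(rec + 6);
    h->fragment_length = rd24(rec + 9);
    return h->fragment_length <= rec_len - DTLS_HS_HDR_LEN;
}

typedef enum { FRAG_OK, FRAG_COMPLETE, FRAG_REJECT } frag_status;

frag_status dtls_reassemble(dtls_hs_reassembly *r, const uint8_t *rec, size_t rec_len)
{
    dtls_hs_frag_hdr h;
    if (!dtls_parse_frag_hdr(rec, rec_len, &h)) return FRAG_REJECT;
    if (h.message_length > MAX_HS_MSG) return FRAG_REJECT;
    if (!r->started) {
        r->started = true; r->msg_type = h.msg_type; r->message_seq = h.message_seq;
        r->message_length = h.message_length; r->received = 0;
        memset(r->have, 0, sizeof r->have);
    } else if (h.msg_type != r->msg_type || h.message_seq != r->message_seq ||
               h.message_length != r->message_length) {
        return FRAG_REJECT;  /* later fragment contradicts the first one's claims */
    }
    /* Bound check written to avoid wrap-around: compare against the remaining
     * space instead of computing offset + length and comparing that. */
    if (h.fragment_offset > r->message_length ||
        h.fragment_length > r->message_length - h.fragment_offset)
        return FRAG_REJECT;
    const uint8_t *body = rec + DTLS_HS_HDR_LEN;
    for (uint32_t i = 0; i < h.fragment_length; i++) {
        uint32_t pos = h.fragment_offset + i;
        if (!r->have[pos]) { r->have[pos] = 1; r->received++; }
        r->data[pos] = body[i];
    }
    return r->received == r->message_length ? FRAG_COMPLETE : FRAG_OK;
}

/* Build a constructed fragment record for testing; returns its length. */
size_t mk_frag(uint8_t *out, uint8_t type, uint32_t mlen, uint16_t seq,
               uint32_t off, uint32_t flen, const uint8_t *body)
{
    out[0] = type; wr24(out + 1, mlen);
    out[4] = (uint8_t)(seq >> 8); out[5] = (uint8_t)seq;
    wr24(out + 6, off); wr24(out + 9, flen);
    memcpy(out + DTLS_HS_HDR_LEN, body, flen);
    return DTLS_HS_HDR_LEN + flen;
}

int main(void)
{
    dtls_hs_reassembly r; memset(&r, 0, sizeof r);
    uint8_t buf[64], body[4] = { 1, 2, 3, 4 };
    size_t n = mk_frag(buf, 1, 8, 0, 0, 4, body);
    printf("first half:  %d\n", dtls_reassemble(&r, buf, n));
    n = mk_frag(buf, 1, 16, 0, 4, 4, body);   /* message_length now claims 16 */
    printf("bad length:  %d\n", dtls_reassemble(&r, buf, n));
    return 0;
}
```

The two checks that matter are the consistency comparison against the first fragment's `message_length` and the overflow-safe bound check expressed as `fragment_length <= message_length - fragment_offset`; a reassembler that trusts each fragment's own header is the pattern the advisory describes.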

CVE-2026-42009

Severity: important

Package: gnutls28
Version: 3.7.1-5+deb11u10
CVE ID: CVE-2026-3833 CVE-2026-5260 CVE-2026-33845 CVE-2026-33846
Debian Bug: 1135319
