Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

SUSE gnutls Important DoS Memory Corruption Vulnern 2026-2822-1

suse
Calendar Grey July 10, 2026
Dist Suse Esm H88
Stay updated on important security patches for the gnutls application in SUSE, addressing various vulnerabilities.
An update that solves 12 vulnerabilities can now be installed.

Summary

## This update for gnutls fixes the following issues * CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and SANs (bsc#1257960). * CVE-2026-3833: incorrectly accepted domain names due to comparison during name constraints processing being case-sensitive (bsc#1263707). * CVE-2026-5260: heap overread when processing extremely short premaster secret as part of an RSA key exchange (bsc#1263715). * CVE-2026-33845: integer overflow and heap overrun when parsing fragments with zero length and non-zero offset during DTLS handshake (bsc#1263704). * CVE-2026-33846: heap overwrite during DTLS handshake fragment reassembly due to missing validations and checks (bsc#1263705).

References

* bsc#1257960

* bsc#1263704

* bsc#1263705

* bsc#1263707

* bsc#1263708

* bsc#1263709

* bsc#1263710

* bsc#1263711

* bsc#1263712

* bsc#1263713

* bsc#1263714

* bsc#1263715

Cross-

* CVE-2025-14831

* CVE-2026-33845

* CVE-2026-33846

* CVE-2026-3833

* CVE-2026-42009

* CVE-2026-42010

* CVE-2026-42011

* CVE-2026-42012

* CVE-2026-42013

* CVE-2026-42014

* CVE-2026-42015

* CVE-2026-5260

CVSS scores:

* CVE-2025-14831 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-33845 ( SUSE ): 8.8

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2822-1
Release Date: 2026-07-09T18:07:13Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.