VYPR
High severity · 7.5 · NVD Advisory · Published May 18, 2026 · Updated May 18, 2026

CVE-2026-42009

Description

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in gnutls DTLS packet reordering allows remote attackers to cause denial of service via crafted packets with duplicate sequence numbers.

Vulnerability

The vulnerability exists in gnutls's Datagram Transport Layer Security (DTLS) implementation. The comparator function used for ordering DTLS packets by sequence numbers did not correctly handle packets with duplicate sequence numbers, violating qsort comparator contracts. This can lead to unstable packet ordering or undefined behavior, resulting in a denial of service. Affected versions include all versions of gnutls prior to the fix. [1][2]

Exploitation

A remote attacker can send specially crafted DTLS packets with duplicate sequence numbers to a service using gnutls. No authentication is required. The attacker needs network access to the target. The sequence of steps: send crafted DTLS packets to trigger the comparator function to mishandle duplicate sequence numbers, leading to crash or service disruption. [1][2]

Impact

Successful exploitation results in denial of service (DoS): the target service may crash or become unresponsive due to undefined behavior in the sorting logic. No confidentiality or integrity impact is mentioned. [1][2]

Mitigation

A fix has been proposed: have the comparator return 0 for duplicate sequence numbers so the sort is stable, and discard packets that share a sequence number but differ in handshake type. [2] Users should update gnutls to a patched version once available. Red Hat has acknowledged the issue. [1][2]
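The comparator defect and the proposed fix described above, as an added C example written for this page (not gnutls's own code): a comparator that never returns 0 for equal sequence numbers beside one that does, followed by a reorder step that discards conflicting duplicates. The dtls_frag record, its field names, and the choice to drop every fragment in a conflicting run are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical handshake fragment record; not gnutls's own struct. */
typedef struct {
    uint16_t seq;    /* handshake message_seq */
    uint8_t  htype;  /* handshake type */
} dtls_frag;

/* Defective comparator: never returns 0, so cmp(a,b) and cmp(b,a) are
 * both positive for equal seq, violating the qsort contract. */
int cmp_seq_broken(const void *a, const void *b)
{
    const dtls_frag *x = a, *y = b;
    return x->seq < y->seq ? -1 : 1;
}

/* Corrected comparator: equal sequence numbers compare equal (0). */
int cmp_seq_fixed(const void *a, const void *b)
{
    const dtls_frag *x = a, *y = b;
    return (x->seq > y->seq) - (x->seq < y->seq);
}

/* Sort with the corrected comparator, then drop every fragment in a run
 * of equal seq whose handshake types disagree (conflicting duplicates);
 * runs of identical duplicates are kept. Returns the count retained.
 * Dropping the whole conflicting run is this example's assumption. */
size_t reorder_fragments(dtls_frag *frags, size_t n)
{
    size_t out = 0, i = 0;
    qsort(frags, n, sizeof *frags, cmp_seq_fixed);
    while (i < n) {
        size_t j = i;
        int conflict = 0;
        while (j < n && frags[j].seq == frags[i].seq) {
            if (frags[j].htype != frags[i].htype)
                conflict = 1;
            j++;
        }
        if (!conflict)
            for (size_t k = i; k < j; k++)
                frags[out++] = frags[k];
        i = j;
    }
    return out;
}
```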

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
