rpm package
suse/gnutls&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42009 | High | 7.5 | | < 3.4.17-8.23.1 | 3.4.17-8.23.1 | May 18, 2026 | A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequen |
| CVE-2026-33846 | High | 7.5 | | < 3.4.17-8.23.1 | 3.4.17-8.23.1 | May 4, 2026 | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length |
| CVE-2026-33845 | High | 7.5 | | < 3.4.17-8.23.1 | 3.4.17-8.23.1 | Apr 30, 2026 | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of |
| CVE-2025-9820 | Medium | 4.0 | | < 3.3.27-3.18.1 | 3.3.27-3.18.1 | Jan 26, 2026 | A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error c |