PatchSiren cyber security CVE debrief
CVE-2026-33845 Red Hat CVE debrief
A vulnerability in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset to trigger an integer underflow during reassembly, resulting in an out-of-bounds read. This flaw is remotely exploitable and may lead to information disclosure or denial of service. The issue affects GnuTLS and Red Hat products including OpenShift Container Platform 4.0 and Enterprise Linux versions 6.0 through 10.0. The vulnerability was published on April 30, 2026, and last modified on May 27, 2026. Red Hat has issued security advisories addressing this issue.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 8
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-30
- Original CVE updated: 2026-05-27
- Advisory published: 2026-04-30
- Advisory updated: 2026-05-27
Who should care
Organizations running GnuTLS with DTLS enabled, particularly those using Red Hat Enterprise Linux 6.0-10.0 or OpenShift Container Platform 4.0. System administrators responsible for TLS/DTLS infrastructure and security teams monitoring for denial-of-service vulnerabilities in cryptographic libraries.
Technical summary
CVE-2026-33845 is a vulnerability in GnuTLS affecting DTLS handshake parsing. Malformed fragments with zero length and non-zero offset trigger an integer underflow during reassembly, leading to an out-of-bounds read. The flaw is remotely exploitable without authentication and may cause denial of service or information disclosure. The vulnerability is classified as CWE-191 (Integer Underflow) with a CVSS 3.1 score of 7.5 (HIGH). Affected products include GnuTLS and Red Hat Enterprise Linux versions 6.0 through 10.0, plus OpenShift Container Platform 4.0. Red Hat has issued security advisories RHSA-2026:13274 and RHSA-2026:20611 to address this issue.
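The bug class described above, an unsigned subtraction in fragment reassembly that wraps when a fragment is shorter than the range it is checked against, is easiest to see next to the checks that prevent it. The following is an added, constructed C example and is not GnuTLS code: it models the DTLS handshake fragment header fields from RFC 6347 (message_length, fragment_offset, fragment_length) with a small hypothetical reassembly buffer, shows a weak arithmetic pattern of the CWE-191 kind beside a validation routine in which every subtraction is guarded, and rejects the page's specific case, an empty fragment carrying a non-zero offset. All type and function names (dtls_frag_hdr, dtls_reasm, frag_hdr_valid, reassemble) are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not GnuTLS code. Field names follow the DTLS
 * handshake header (RFC 6347 section 4.2.2); all 24-bit fields. */
#define DTLS_MAX_HS_LEN 0xFFFFFFu

typedef struct {
    uint32_t msg_len;    /* total handshake message length */
    uint32_t frag_off;   /* offset of this fragment within the message */
    uint32_t frag_len;   /* bytes carried by this fragment */
} dtls_frag_hdr;

typedef struct {
    uint8_t  data[4096]; /* demo reassembly buffer (hypothetical size) */
    uint32_t msg_len;    /* expected total length, 0 until first fragment */
    uint32_t received;   /* bytes held contiguously from offset 0 */
} dtls_reasm;

/* Weak arithmetic, kept only to illustrate the CWE-191 pattern: the caller
 * has checked frag_off <= received and asks how many bytes extend past what
 * is already held. If the fragment is shorter than the overlap (a zero-length
 * fragment with a non-zero offset is the extreme case) the unsigned
 * subtraction wraps to a value near 2^32, and a copy sized from it reads
 * far out of bounds. Unsigned wraparound is defined in C, so this runs. */
static uint32_t weak_new_bytes(uint32_t received, uint32_t frag_off, uint32_t frag_len)
{
    uint32_t overlap = received - frag_off;
    return frag_len - overlap;                 /* wraps when frag_len < overlap */
}

/* Hardened header validation: each subtraction is guarded by the comparison
 * just before it, so nothing here can wrap. */
static bool frag_hdr_valid(const dtls_reasm *r, const dtls_frag_hdr *h)
{
    if (h->msg_len > DTLS_MAX_HS_LEN || h->msg_len > sizeof r->data)
        return false;
    if (r->msg_len != 0 && h->msg_len != r->msg_len)   /* must agree across fragments */
        return false;
    if (h->frag_off > h->msg_len)                      /* guards msg_len - frag_off */
        return false;
    if (h->frag_len > h->msg_len - h->frag_off)        /* fragment must fit the message */
        return false;
    if (h->frag_len == 0 && h->msg_len != 0)           /* empty fragment of a non-empty message */
        return false;
    return true;
}

/* Bytes this fragment adds beyond what is already held. After frag_hdr_valid
 * frag_off + frag_len <= msg_len <= 2^24, so the addition cannot overflow,
 * and the subtraction only happens when end > received. */
static uint32_t safe_new_bytes(uint32_t received, uint32_t frag_off, uint32_t frag_len)
{
    uint32_t end = frag_off + frag_len;
    return end > received ? end - received : 0;
}

/* Returns 1 when the message is complete, 0 when more is needed, -1 when the
 * fragment is rejected. Only in-order, contiguous delivery is accepted; a
 * fragment that starts past the received prefix is rejected for simplicity. */
static int reassemble(dtls_reasm *r, const dtls_frag_hdr *h, const uint8_t *body, size_t body_len)
{
    if (!frag_hdr_valid(r, h) || body_len != h->frag_len)
        return -1;
    if (h->frag_off > r->received)
        return -1;
    r->msg_len = h->msg_len;
    uint32_t fresh = safe_new_bytes(r->received, h->frag_off, h->frag_len);
    if (fresh > 0) {
        uint32_t skip = r->received - h->frag_off;  /* safe: frag_off <= received */
        memcpy(r->data + r->received, body + skip, fresh);
        r->received += fresh;
    }
    return r->received == r->msg_len ? 1 : 0;
}

/* Constructed sample run: two malformed headers must be rejected, three
 * in-order fragments (one a full retransmit) must yield "ABCDEFGH".
 * Returns 1 on success, 0 otherwise. */
static int demo_reassembly(void)
{
    dtls_reasm r;
    memset(&r, 0, sizeof r);
    const dtls_frag_hdr bad  = { 100, 16, 0 };   /* empty fragment, non-zero offset */
    const dtls_frag_hdr over = { 100, 90, 20 };  /* runs past the message end */
    if (frag_hdr_valid(&r, &bad) || frag_hdr_valid(&r, &over))
        return 0;
    const dtls_frag_hdr h1 = { 8, 0, 5 };
    const dtls_frag_hdr h2 = { 8, 5, 3 };
    const dtls_frag_hdr h3 = { 8, 3, 3 };        /* retransmit already-held bytes */
    if (reassemble(&r, &h1, (const uint8_t *)"ABCDE", 5) != 0) return 0;
    if (reassemble(&r, &h2, (const uint8_t *)"FGH", 3) != 1) return 0;
    if (reassemble(&r, &h3, (const uint8_t *)"DEF", 3) != 1) return 0;
    return memcmp(r.data, "ABCDEFGH", 8) == 0;
}

int main(void)
{
    printf("weak_new_bytes(64,16,0) = 0x%08X (wrapped)\n", (unsigned)weak_new_bytes(64u, 16u, 0u));
    printf("safe_new_bytes(64,16,0) = %u\n", (unsigned)safe_new_bytes(64u, 16u, 0u));
    printf("demo_reassembly = %d\n", demo_reassembly());
    return 0;
}
```

The ordering of the checks is the point: each comparison establishes the precondition for the subtraction that follows it, and the zero-length test is a separate rule rather than something the range arithmetic happens to catch. When auditing a reassembly path for this class of defect, look for any `len - x` or `end - start` on unsigned fields whose guard is an addition rather than a comparison.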
Defensive priority
HIGH
Recommended defensive actions
- Apply security updates from Red Hat as referenced in RHSA-2026:13274 and RHSA-2026:20611
- Monitor Red Hat Bugzilla bug 2450624 for additional technical details and patch status
- Review DTLS-enabled services using GnuTLS for exposure to untrusted network traffic
- Consider network segmentation to limit exposure of DTLS services until patching is complete
- Verify GnuTLS version and confirm patch application through vendor-provided guidance
Evidence notes
The vulnerability description is derived from the official CVE record and NVD entry. Affected product information is based on CPE criteria from the NVD source data, including GnuTLS and multiple Red Hat Enterprise Linux versions. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network attack vector, low attack complexity, no privileges required and no user interaction, with high impact on availability and none scored for confidentiality or integrity. The weakness is classified as CWE-191 (Integer Underflow). Red Hat has issued security advisories RHSA-2026:13274 and RHSA-2026:20611, with additional tracking via Bugzilla bug 2450624.
Official resources
- CVE-2026-33845 CVE record (CVE.org)
- CVE-2026-33845 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory (source reference)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Issue Tracking, Vendor Advisory
2026-04-30T18:16:28.003Z