CVE-2026-33846: GnuTLS: denial of service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
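The two checks whose absence is described above, as an added example in C. This is not GnuTLS code and not the upstream patch: hs_reasm, hs_frag, hs_merge and HS_MAX_MSG_LEN are hypothetical names, and the size cap is an assumed local policy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HS_MAX_MSG_LEN (64u * 1024u) /* assumed local policy cap */

/* Hypothetical reassembly slot for one handshake message (not GnuTLS's struct). */
struct hs_reasm {
    uint8_t  type;     /* handshake type being rebuilt */
    uint32_t msg_len;  /* message_length fixed by the first fragment */
    uint8_t *buf;      /* allocated for msg_len bytes, NULL while the slot is empty */
};

/* Parsed DTLS handshake fragment header plus payload pointer. */
struct hs_frag {
    uint8_t  type;
    uint32_t msg_len;  /* 24-bit message_length */
    uint32_t frag_off; /* 24-bit fragment_offset */
    uint32_t frag_len; /* 24-bit fragment_length */
    const uint8_t *data;
};

/* Returns 0 if the fragment was merged, -1 if it must be dropped. */
int hs_merge(struct hs_reasm *r, const struct hs_frag *f)
{
    /* The fragment must lie inside the message it claims to belong to.
       Subtraction form, so offset + length cannot wrap. */
    if (f->msg_len > HS_MAX_MSG_LEN || f->frag_off > f->msg_len ||
        f->frag_len > f->msg_len - f->frag_off)
        return -1;

    if (r->buf == NULL) {
        /* First fragment: it alone decides the allocation size. */
        r->buf = calloc(1, f->msg_len ? f->msg_len : 1);
        if (r->buf == NULL)
            return -1;
        r->type = f->type;
        r->msg_len = f->msg_len;
    } else if (f->type != r->type || f->msg_len != r->msg_len) {
        /* Matching type is not enough: a different message_length means
           the buffer was sized for another message. */
        return -1;
    }

    if (f->frag_len > 0)
        memcpy(r->buf + f->frag_off, f->data, f->frag_len);
    return 0;
}
```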
Frequently Asked Questions
What is the severity of CVE-2026-33846?
CVE-2026-33846 is classified as a critical severity vulnerability due to its potential for causing denial of service.
How do I fix CVE-2026-33846?
To mitigate CVE-2026-33846, users should update to the latest version of GnuTLS provided by their vendor, which includes patches for this vulnerability.
What type of vulnerability is CVE-2026-33846?
CVE-2026-33846 is a heap buffer overflow vulnerability that affects the DTLS handshake fragment reassembly in GnuTLS.
What software is affected by CVE-2026-33846?
CVE-2026-33846 specifically impacts the GnuTLS library in its handling of DTLS handshake fragments.
What is the attack vector for CVE-2026-33846?
The attack vector for CVE-2026-33846 involves sending maliciously crafted DTLS handshake fragments to trigger a denial of service.