Multiple GnuTLS Vulnerabilities Lead to Denial of Service Risks

Multiple GnuTLS Vulnerabilities Lead to Denial of Service Risks

First seen 21 May 2026, 03:26 UTC UbuntuLinuxsecuritylaunchpad.net 91% similarity 60.6

Article Content

Browse articles
ThreatCluster

A series of vulnerabilities in GnuTLS, discovered by researchers including Joshua Rogers and Oleh Konko, affect multiple Ubuntu releases. These vulnerabilities could allow remote attackers to exploit malformed DTLS handshake fragments and improperly validated OCSP responses, potentially leading to denial of service or machine-in-the-middle attacks. The affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Specific CVEs include CVE-2026-33845, CVE-2026-33846, CVE-2026-3832, CVE-2026-3833, and CVE-2026-42009. Users are advised to update their systems to mitigate these risks. The vulnerabilities were published between April 30 and May 18, 2026, with the advisory released on May 20, 2026.

Key Points: • GnuTLS vulnerabilities could lead to denial of service and sensitive data exposure. • Affected Ubuntu versions include 26.04 LTS and earlier releases. • Users are urged to update their systems to the latest package versions to mitigate risks.

ThreatCluster AI

Timeline

2026-04-30
CVE-2026-33845 and CVE-2026-3832 published
Vulnerabilities in GnuTLS allow remote attackers to exploit malformed DTLS fragments and bypass certificate revocation checks.
Ubuntu
2026-04-30
CVE-2026-3833 published
Another vulnerability in GnuTLS allows attackers to bypass certificate validation through case-insensitive name constraints.
Ubuntu
2026-05-04
CVE-2026-33846 published
A vulnerability in GnuTLS allows attackers to cause crashes or execute arbitrary code by exploiting DTLS handshake fragment lengths.
Ubuntu
2026-05-07
CVE-2026-42010 and CVE-2026-42011 published
New vulnerabilities in GnuTLS were disclosed, potentially increasing the attack surface for remote exploitation.
Linuxsecurity
2026-05-18
CVE-2026-42009 published
A vulnerability in GnuTLS was disclosed that could lead to denial of service through improper handling of DTLS packets.
Ubuntu
2026-05-20
Ubuntu security notice USN-8284-1 released
Ubuntu released an advisory detailing multiple GnuTLS vulnerabilities and recommended updates for affected users.
Linuxsecurity

Community

Browse all →