CVE-2026-33846
Published: 04 May 2026
Summary
CVE-2026-33846 is a high-severity Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly requires timely remediation of the heap buffer overflow in GnuTLS DTLS fragment reassembly by applying the vendor patch or updated packages.
SI-16 (Memory Protection): memory protections such as ASLR and DEP raise the cost of turning the heap overflow from inconsistent DTLS fragment processing into code execution; they do not prevent the crash, which is the availability impact the CVSS vector scores.
SI-10 (Information Input Validation): enforces validation of DTLS handshake fragment inputs so that the message_length field is identical across all fragments of one logical message and fragment_offset + fragment_length never exceeds the allocated buffer, preventing out-of-bounds writes during reassembly.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote, unauthenticated DTLS fragment exploit in GnuTLS maps to T1190 (Exploit Public-Facing Application) for any DTLS endpoint reachable from the network, and to T1499.004 (Endpoint Denial of Service: Application or System Exploitation) because the out-of-bounds write crashes the process or corrupts heap memory.
NVD Description
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
Deeper analysis
A heap buffer overflow vulnerability, tracked as CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS. The flaw occurs in the merge_handshake_packet() function, where incoming handshake fragments are matched and merged based solely on handshake type without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments due to inadequate bounds checking against the allocated buffer size.
This vulnerability is remotely exploitable without authentication via the DTLS handshake path by any network attacker who can reach a DTLS endpoint; no completed handshake is required, since the flaw is in reassembly of the handshake messages themselves. Exploitation involves sending specially crafted DTLS fragments, leading to out-of-bounds writes on the heap that can result in application crashes or potential memory corruption. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-130 (Improper Handling of Length Parameter Inconsistency). Note that the vector scores only availability impact (C:N/I:N/A:H); the memory corruption mentioned in the description is not reflected in the score, so the rating assumes a crash rather than code execution.
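The following is an added, self-contained illustration of the reassembly flaw described above and of the check that closes it. It is not GnuTLS code and does not reproduce merge_handshake_packet(); it is a minimal DTLS handshake fragment parser (RFC 6347 header layout) with two merge routines. The first models the flawed logic from the description (match on handshake type only, size the buffer from the first fragment's length field, never re-check later fragments) and, to remain safe to run, reports how far past the allocation the copy would land instead of performing it. The second requires a consistent length field and checks fragment_offset + fragment_length against the allocation. The fragments, the 16-byte Certificate message and the MAX_HS_LEN cap are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DTLS handshake fragment header, RFC 6347 section 4.2.2:
 * msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) body */
#define HS_HDR_LEN 12
#define MAX_HS_LEN (1u << 16)   /* assumed cap on a reassembled handshake message */

typedef struct {
    uint8_t msg_type; uint32_t length; uint16_t message_seq;
    uint32_t fragment_offset, fragment_length; const uint8_t *body;
} hs_fragment;

typedef struct {
    uint8_t *data; uint32_t length; uint32_t received;
    int started; uint8_t msg_type; uint16_t message_seq;
} reassembly;

static uint32_t rd24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }
static void wr24(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v; }

/* Parse one fragment as carried in a DTLS record. 0 on success, -1 if malformed. */
static int parse_fragment(const uint8_t *buf, size_t len, hs_fragment *f)
{
    if (len < HS_HDR_LEN) return -1;
    f->msg_type = buf[0];
    f->length = rd24(buf + 1);
    f->message_seq = (uint16_t)((buf[4] << 8) | buf[5]);
    f->fragment_offset = rd24(buf + 6);
    f->fragment_length = rd24(buf + 9);
    if (f->fragment_length != len - HS_HDR_LEN) return -1;  /* body must match header */
    f->body = buf + HS_HDR_LEN;
    return 0;
}

/* Models the flawed merge from the advisory: fragments are matched by handshake
 * type only and the buffer is sized from the FIRST fragment's length field; later
 * fragments are written at their own offset without re-checking. To stay safe to
 * run, it returns how many bytes the copy would land past the allocation instead
 * of performing the out-of-bounds write. */
static uint32_t vulnerable_merge_overshoot(reassembly *r, const hs_fragment *f)
{
    if (!r->started) {
        r->length = f->length;
        r->data = calloc(r->length ? r->length : 1, 1);
        r->started = 1; r->msg_type = f->msg_type;
    } else if (f->msg_type != r->msg_type) {
        return 0;                                   /* not merged into this message */
    }
    uint64_t end = (uint64_t)f->fragment_offset + f->fragment_length;
    if (end > r->length) return (uint32_t)(end - r->length);   /* would overflow here */
    memcpy(r->data + f->fragment_offset, f->body, f->fragment_length);
    return 0;
}

/* Hardened merge: every fragment of a logical message must carry the same length
 * field and (type, message_seq), and offset + fragment_length must fit in it.
 * Returns -1 to drop an inconsistent fragment, 0 if more is needed, 1 if complete. */
static int hardened_merge(reassembly *r, const hs_fragment *f)
{
    if (!r->started) {
        if (f->length > MAX_HS_LEN) return -1;
        r->length = f->length;
        r->data = calloc(r->length ? r->length : 1, 1);
        if (!r->data) return -1;
        r->started = 1; r->msg_type = f->msg_type; r->message_seq = f->message_seq;
    } else if (f->msg_type != r->msg_type || f->message_seq != r->message_seq ||
               f->length != r->length) {
        return -1;                                  /* inconsistent with first fragment */
    }
    if ((uint64_t)f->fragment_offset + f->fragment_length > r->length) return -1;
    memcpy(r->data + f->fragment_offset, f->body, f->fragment_length);
    r->received += f->fragment_length;              /* naive; real code tracks covered ranges */
    return r->received >= r->length ? 1 : 0;
}

/* Build a constructed fragment whose body is a fixed fill byte; returns bytes written. */
static size_t build_fragment(uint8_t *out, uint8_t type, uint32_t length, uint16_t seq,
                             uint32_t off, uint32_t flen, uint8_t fill)
{
    out[0] = type; wr24(out + 1, length);
    out[4] = (uint8_t)(seq >> 8); out[5] = (uint8_t)seq;
    wr24(out + 6, off); wr24(out + 9, flen);
    memset(out + HS_HDR_LEN, fill, flen);
    return HS_HDR_LEN + flen;
}

typedef struct { uint32_t overshoot; int hardened_a, hardened_b, hardened_c; } demo_result;

/* Constructed attack: fragment A announces a 16-byte Certificate (type 11); fragment B
 * claims the same message is 64 bytes and carries 32 bytes at offset 8; fragment C is
 * the honest second half of A's message. */
static demo_result demo(void)
{
    uint8_t a[64], b[64], c[64];
    hs_fragment fa, fb, fc;
    reassembly vuln = {0}, safe = {0};
    demo_result res = {0};
    size_t na = build_fragment(a, 11, 16, 1, 0, 8, 0xAA);
    size_t nb = build_fragment(b, 11, 64, 1, 8, 32, 0xBB);   /* conflicting length field */
    size_t nc = build_fragment(c, 11, 16, 1, 8, 8, 0xCC);    /* consistent tail */
    if (parse_fragment(a, na, &fa) || parse_fragment(b, nb, &fb) || parse_fragment(c, nc, &fc))
        return res;
    vulnerable_merge_overshoot(&vuln, &fa);
    res.overshoot = vulnerable_merge_overshoot(&vuln, &fb);  /* 8 + 32 - 16 = 24 bytes past end */
    res.hardened_a = hardened_merge(&safe, &fa);
    res.hardened_b = hardened_merge(&safe, &fb);
    res.hardened_c = hardened_merge(&safe, &fc);
    free(vuln.data); free(safe.data);
    return res;
}

int main(void)
{
    demo_result r = demo();
    printf("vulnerable merge would write %u bytes past the 16-byte buffer\n", r.overshoot);
    printf("hardened merge: A=%d B=%d C=%d (0 more needed, -1 dropped, 1 complete)\n",
           r.hardened_a, r.hardened_b, r.hardened_c);
    return 0;
}
```

The point the example isolates is that the length field is message-level metadata repeated in every fragment, so it must be treated as part of the message identity: a fragment whose length disagrees with the first one is either corrupt or hostile and should be dropped, not merged. Checking offset + fragment_length against the allocation is the second, independent guard, and the hardened routine applies both.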
Red Hat has issued errata RHSA-2026:13274 to address the issue. Further details on the vulnerability and remediation are available via the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-33846 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2450625.
Details
- CWE(s)