CVE-2026-33845

HIGH
Published April 30, 2026

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
vLLM pip No patch
85.4K 129 dependents Pushed yesterday 22% patched ~51d to patch Full package profile →
discovery/discovery-server-rhel9 No patch
discovery/discovery-ui-rhel9 No patch
gnutls No patch
gnutls-main No patch
libtasn1 No patch
rhaiis/model-opt-cuda-rhel9 No patch
rhcos No patch
rhui5/cds-rhel9 No patch
rhui5/haproxy-rhel9 No patch
rhui5/installer-rhel9 No patch
rhui5/rhua-rhel9 No patch

How severe is it?

CVSS 3.1
7.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI None
S Unchanged
C None
I None
A High

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-33845?

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Is CVE-2026-33845 actively exploited?

No confirmed active exploitation of CVE-2026-33845 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-33845?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-33845?

CVE-2026-33845 has a CVSS v3.1 base score of 7.5 (HIGH).

What are the technical details?

Original Advisory

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Weaknesses (CWE)

CWE-191 — Integer Underflow (Wrap or Wraparound): The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published
April 30, 2026
Last Modified
July 6, 2026
First Seen
July 6, 2026

Related Vulnerabilities