GnuTLS CVE-2026-1584: Brief Summary of a NULL Pointer Dereference in TLS 1.3 PSK Binder Verification

A brief summary of CVE-2026-1584, a high severity NULL pointer dereference in GnuTLS 3.8.11 that allows remote unauthenticated denial of service via a crafted TLS 1.3 ClientHello. Includes patch details, detection methods, and affected distribution status.

ZeroPath CVE Analysis

2026-04-09

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

Introduction

A single malformed TLS handshake message can crash any GnuTLS 3.8.11 server that issues session tickets, making this a trivially exploitable remote denial of service condition. CVE-2026-1584 is a NULL pointer dereference in GnuTLS's PSK binder verification logic during TLS 1.3 resumption, carrying a CVSS v3 base score of 7.5 (High) with a network based attack vector that requires no authentication and no user interaction.

GnuTLS is a free software implementation of the TLS, SSL, and DTLS protocols that provides a core cryptographic API for secure network communication. It is a foundational library shipped across numerous Linux distributions including Debian, Ubuntu, Fedora, Alpine, and openSUSE. Its broad adoption means that a regression in GnuTLS can ripple across a significant portion of the Linux server ecosystem.

Technical Information

Root Cause

The vulnerability, classified under CWE-476 (NULL Pointer Dereference), was a regression introduced in GnuTLS 3.8.11 through merge requests !2009 and !2013. These merge requests added a new configurable binder algorithm feature for PSK credentials. The problematic code resides in the server side TLS 1.3 PSK binder verification logic within lib/ext/pre_shared_key.c.

When a GnuTLS server issues a NewSessionTicket and a client subsequently sends a ClientHello referencing that ticket identity for session resumption, the function _gnutls_psk_recv_params() calls _gnutls_get_cred() to fetch PSK credentials. In the session ticket resumption scenario, the returned pskcred pointer is NULL because the server has no standalone PSK credentials configured. While a conditional check existed to return early when pskcred is NULL and GNUTLS_NO_TICKETS is set, the ticket based resumption path continued to pass the NULL pskcred pointer into server_recv_params().

The Crash Condition

The crash occurs under a specific but easily reproducible condition: when the client provides an invalid PSK binder value where the received binder size matches the PRF MAC length but the value itself is incorrect. In this case, the server logic fails to exit early. The code then attempts to dereference pskcred->binder_algo to check the binder algorithm. With pskcred being NULL, this is a classic NULL pointer dereference that immediately crashes the server process with a segmentation fault (SIGSEGV).

Attack Flow

The exploitation sequence is straightforward:

  1. The attacker initiates a TLS 1.3 connection to a vulnerable GnuTLS server and completes a normal handshake to receive a NewSessionTicket.
  2. The attacker then sends a new ClientHello referencing that ticket identity but with a deliberately corrupted PSK binder value. The binder must have the correct size (matching the PRF MAC length) but incorrect content.
  3. The server enters the PSK binder verification code path. Because this is a ticket based resumption, _gnutls_get_cred() returns NULL for pskcred.
  4. The binder size check passes (sizes match), so the code does not exit early.
  5. The code attempts to access pskcred->binder_algo, dereferencing the NULL pointer.
  6. The server process terminates with a segmentation fault.

The crash condition does not depend on a specific priority string configuration. It is inherent to the server side PSK binder handling logic whenever the server issues a NewSessionTicket. Maintainers confirmed that a standard server configuration will reliably segfault on version 3.8.11, whereas version 3.8.10 remains unaffected.

The CVSS vector reflects the nature of this flaw: the attack is network based, low complexity, requires no privileges, and requires no user interaction. The impact is strictly to availability, with no effect on confidentiality or integrity.

Patch Information

The GnuTLS project addressed CVE-2026-1584 in commit acf67a4a, authored by Alexander Sosedkin and shipped as part of GnuTLS 3.8.12, released on February 9, 2026. The fix is tracked under security advisory GNUTLS-SA-2026-02-09-1 and was coordinated via GitLab issue #1790, which was originally reported by Jaehun Lee.

The fix itself is a single line guard added to lib/ext/pre_shared_key.c around line 986:

- if (pskcred->binder_algo == NULL && mac == GNUTLS_MAC_SHA384) { + if (pskcred && pskcred->binder_algo == NULL && + mac == GNUTLS_MAC_SHA384) {
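Review bot: The added pskcred check in the new condition guards only this one read of pskcred->binder_algo, and the need for it shows that pskcred can still be NULL this deep in the function. I would either handle the NULL case once, earlier in the function, or add a one-line comment on this condition saying that pskcred is NULL on ticket based resumption, so that a later edit to this branch does not reintroduce an unguarded access. A regression test that resumes a ticket with a binder of the correct size but wrong value would pin the expected GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER result.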

By inserting a pskcred NULL check before attempting to access pskcred->binder_algo, the code now safely skips the binder algorithm retry logic when no PSK credential structure exists. When pskcred is NULL, the conditional evaluates to false and falls through to return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, which is the correct error handling behavior for an invalid binder rather than a crash.
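The control flow described under "The Crash Condition" and in the paragraph above, as a simplified model. This is an added example, not GnuTLS source: the struct, constants, function names and the `retry_result` field (standing in for the retry logic, which the page does not show) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in constants and types for illustration; not GnuTLS definitions. */
enum { MAC_SHA256 = 1, MAC_SHA384 = 2 };
enum { BINDER_OK = 0, E_ILLEGAL_PARAMETER = -1 };
struct psk_cred { const void *binder_algo; };  /* NULL: no algorithm configured */

struct binder_in {
    const unsigned char *got; size_t got_len;  /* binder from the ClientHello */
    const unsigned char *want;                 /* binder the server computed */
    size_t mac_len;                            /* PRF MAC length */
    int mac;
    int retry_result;  /* assumed outcome of the retry logic (not on the page) */
};

/* Size check, then comparison. Returns 1 when *ret is already final. */
static int first_pass(const struct binder_in *in, int *ret)
{
    if (in->got_len != in->mac_len) { *ret = E_ILLEGAL_PARAMETER; return 1; }
    if (memcmp(in->got, in->want, in->mac_len) == 0) { *ret = BINDER_OK; return 1; }
    return 0;  /* right size, wrong value: continue to the retry condition */
}

/* 3.8.11 shape: reads pskcred->binder_algo even when pskcred is NULL. */
int verify_binder_unguarded(const struct psk_cred *pskcred, const struct binder_in *in)
{
    int ret;
    if (first_pass(in, &ret)) return ret;
    if (pskcred->binder_algo == NULL && in->mac == MAC_SHA384) return in->retry_result;
    return E_ILLEGAL_PARAMETER;
}

/* 3.8.12 shape: && short-circuits, so a NULL pskcred is never dereferenced. */
int verify_binder_guarded(const struct psk_cred *pskcred, const struct binder_in *in)
{
    int ret;
    if (first_pass(in, &ret)) return ret;
    if (pskcred && pskcred->binder_algo == NULL && in->mac == MAC_SHA384) return in->retry_result;
    return E_ILLEGAL_PARAMETER;
}

int main(void)
{
    unsigned char want[48] = {0}, bad[48] = {1};  /* same length, different content */
    struct binder_in in = { bad, sizeof bad, want, sizeof want, MAC_SHA384, BINDER_OK };
    printf("guarded, NULL cred: %d\n", verify_binder_guarded(NULL, &in));
    return 0;
}
```

With a NULL credential, the unguarded form still returns normally for a wrong-size or a correct binder, because both are decided in `first_pass`; only the same-size, wrong-value case reaches the member access.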

Versions 3.8.10 and earlier are not affected by this vulnerability, as the regression was only introduced in the 3.8.11 release. Users should upgrade to GnuTLS 3.8.12 or later. No alternative workarounds or configuration changes are documented in the official advisories to prevent the crash without applying the patch.

Detection Methods

Vulnerability Scanner Coverage (Nessus)

Tenable has published multiple Nessus plugins that detect systems running vulnerable GnuTLS packages:

  • Plugin 298449 (unpatched_CVE_2026_1584.nasl): Published February 10, 2026. This is a local check that detects the presence of unpatched gnutls28 packages on Ubuntu Linux systems (16.04 LTS through 25.10). It runs via Nessus Agent, Agentless Assessment, or Frictionless Assessment (AWS/Azure). It requires the host to have Host/local_checks_enabled and global_settings/vendor_unpatched KB items set.
  • Plugin 298695: Also added on February 10, 2026, providing additional platform coverage.
  • Plugin 299149: Added on February 16, 2026, extending detection to further distributions.

Organizations using Tenable Nessus, Tenable.io, or Tenable.sc should ensure their plugin feeds are updated to at least March 2026 to capture all three detection plugins.

Version Based Detection and Package Auditing

The affected version window is narrow: only GnuTLS version 3.8.11 carries the vulnerable code path. Defenders can use standard package managers to audit installed versions:

  • On Debian/Ubuntu based systems, check the installed version of the libgnutls30 or gnutls28 package.
  • On Slackware systems, the fix was delivered as gnutls-3.8.12-i586-1_slack15.0.txz (SSA:2026-042-01), with MD5 checksums published in the advisory to verify package integrity.
  • CPE identifiers for matching in asset inventories include p-cpe:/a:canonical:ubuntu_linux:gnutls28 and the corresponding entries for other distributions.

Red Hat's advisory notes that most RHEL versions (6 through 10) and OpenShift Container Platform 4 are listed as "Not affected" because the vulnerable code is not present in their shipped versions. However, Red Hat Hardened Images are listed as "Affected," so users of those images should verify their GnuTLS version.

Behavioral Detection and Log Monitoring

Because this vulnerability causes a server crash via NULL pointer dereference when processing a malformed TLS 1.3 ClientHello with an invalid PSK binder, there are observable symptoms defenders can monitor for:

  • Process crash logs: GnuTLS based TLS server processes will crash abruptly. Look for segmentation faults (SIGSEGV) or abnormal termination signals in system logs (/var/log/syslog, journalctl, or application specific crash logs) correlated with TLS handshake activity.
  • Core dumps: If core dumps are enabled, the backtrace will point to the PSK binder verification code path during TLS 1.3 resumption handling.
  • Connection pattern anomalies: Monitoring for repeated, short lived TLS connection attempts that fail during the handshake phase, especially against services known to issue NewSessionTicket messages, could surface exploitation attempts. Repeated server restarts or high availability failovers following TLS handshake attempts are strong indicators.
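One way to triage the crash logs described above, as an added example that is not part of the original analysis. It assumes the x86 Linux kernel's "segfault at" message format and a dynamically linked libgnutls; the sample lines, host name, process name, addresses and library version are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one x86 Linux kernel "segfault at" record. */
struct segv { char comm[32]; int pid; unsigned long addr; char module[64]; };

/* Parse "comm[pid]: segfault at ADDR ip .. sp .. error .. in MODULE[..]". */
int parse_segv(const char *line, struct segv *out)
{
    const char *tag = strstr(line, "]: segfault at ");
    if (!tag) return 0;
    const char *lb = tag;
    while (lb > line && *lb != '[') lb--;               /* '[' before the pid */
    if (*lb != '[') return 0;
    const char *start = lb;
    while (start > line && start[-1] != ' ') start--;   /* start of comm */
    size_t n = (size_t)(lb - start);
    if (n == 0 || n >= sizeof out->comm) return 0;
    memcpy(out->comm, start, n);
    out->comm[n] = '\0';
    return sscanf(lb, "[%d]: segfault at %lx ip %*s sp %*s error %*s in %63[^[ ]",
                  &out->pid, &out->addr, out->module) == 3;
}

/* Fault address in the first page and faulting code inside libgnutls. */
int is_gnutls_null_deref(const struct segv *s)
{
    return s->addr < 4096 && strncmp(s->module, "libgnutls", 9) == 0;
}

/* Constructed sample lines, not taken from a real incident. */
static const char *const SAMPLE[] = {
    "Feb 12 03:14:07 web1 kernel: gnutls-serv[4321]: segfault at 18 ip 00007f3c2a1b5e40 sp 00007ffd5c3a1f10 error 4 in libgnutls.so.30.40.4[7f3c2a180000+13b000]",
    "Feb 12 03:14:09 web1 kernel: gnutls-serv[4330]: segfault at 18 ip 00007f81d21b5e40 sp 00007ffe0a1b2c30 error 4 in libgnutls.so.30.40.4[7f81d2180000+13b000]",
    "Feb 12 03:15:00 web1 kernel: python3[999]: segfault at 8 ip 000055d0c0ffee00 sp 00007ffc00000000 error 6 in python3.12[55d0c0e00000+300000]",
    "Feb 12 03:16:00 web1 kernel: gnutls-serv[4400]: segfault at 7ffe12345678 ip 00007f3c2a1b0000 sp 00007ffd00000000 error 4 in libgnutls.so.30.40.4[7f3c2a180000+13b000]",
    "Feb 12 03:17:00 web1 sshd[100]: Accepted publickey for admin",
};

/* Count NULL-page crashes inside libgnutls in a batch of log lines. */
int count_suspect(const char *const *lines, size_t n)
{
    struct segv s; int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (parse_segv(lines[i], &s) && is_gnutls_null_deref(&s)) hits++;
    return hits;
}

int main(void) { printf("suspect crashes: %d\n", count_suspect(SAMPLE, sizeof SAMPLE / sizeof *SAMPLE)); return 0; }
```

A match only says that some NULL-page fault occurred inside libgnutls; confirm against a core dump backtrace and the installed GnuTLS version before attributing it to this CVE.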

Network Level Detection (Snort)

A Snort Subscriber Rules update was published on March 3, 2026, which added and modified rules across multiple categories including the server-webapp rule set. While the update announcement does not enumerate specific Snort SIDs for CVE-2026-1584, the timing and scope of the rule update align with the vulnerability's disclosure window. Organizations running Snort with an active subscriber ruleset should ensure they are on rules updated to at least March 2026.

Affected Systems and Versions

The vulnerability is a regression with a narrow affected window:

  • Affected: GnuTLS version 3.8.11 only
  • Not affected: GnuTLS versions 3.8.10 and earlier
  • Fixed in: GnuTLS version 3.8.12

Distribution specific status:

Platform or Distribution | Vulnerability Status | Fixed Version or Notes
Alpine Linux | Affected | gnutls 3.8.12 r0
openSUSE Tumbleweed | Affected | gnutls 3.8.12 1.1 or higher
Ubuntu LTS Releases | Not Affected | Issue introduced in later versions than those shipped
SUSE Linux Enterprise | Not Affected | Baselines not vulnerable
Amazon Linux 2 and 2023 | Not Affected | Baselines not vulnerable
RHEL 6 through 10 | Not Affected | Shipped versions predate the regression
Red Hat Hardened Images | Affected | Verify GnuTLS version

Organizations running rolling release distributions or custom compiled versions of GnuTLS 3.8.11 are the primary audience for immediate patching.

Vendor Security History

GnuTLS maintains a strong security track record and adheres to established best practices. The project operates a public security page to track vulnerabilities and has a stated policy of ensuring that no known vulnerabilities remain unpatched for more than 60 days. In the case of CVE-2026-1584, the maintainers responded promptly to the private disclosure from Jaehun Lee, verified the regression, assigned a CVE, and released the fix in the subsequent point release. The GnuTLS 3.8.12 release also addressed a second vulnerability, CVE-2025-14831, as noted in the oss-security announcement.
