Introduction
A single malformed DTLS handshake fragment, carrying zero bytes of payload but claiming a non zero offset, is enough to trigger a heap overrun in GnuTLS and crash any service relying on it for UDP based secure communication. This integer underflow in the DTLS reassembly path, tracked as CVE-2026-33845 with a CVSS score of 7.5, was patched in GnuTLS 3.8.13 on April 29, 2026, alongside two other related DTLS vulnerabilities that together reveal significant fragility in the library's fragment handling logic.
GnuTLS is a free software implementation of the TLS, SSL, and DTLS protocols, providing a core cryptographic API used across numerous Linux distributions and open source projects. It serves as the default or alternative TLS backend for applications ranging from mail servers to VPN software, making its attack surface relevant to a broad swath of infrastructure. Any vulnerability in its protocol parsing code has the potential to ripple across many downstream consumers.
Technical Information
The vulnerability resides in the DTLS handshake fragment reassembly code within GnuTLS. DTLS, unlike TLS over TCP, operates over UDP and must handle message fragmentation and reordering at the protocol level. During the handshake, large messages can be split into fragments, each described by a fragment offset and fragment length. The reassembly logic is responsible for collecting these fragments and reconstructing the original handshake message.
Root Cause
The root cause is an improper validation of fragment parameters (CWE-191: Integer Underflow). When a DTLS handshake fragment arrives with a zero length but a non zero offset for a handshake message that has a non empty total length, the reassembly code performs an arithmetic operation that results in an integer underflow. This underflow corrupts the calculation used to determine buffer boundaries during reassembly, which in turn causes an out of bounds read on the heap.
Attack Flow
The exploitation path is straightforward and requires no authentication:
- An attacker sends a DTLS ClientHello or other handshake initiation to a target service that uses GnuTLS for DTLS.
- During the handshake exchange, the attacker injects a specially crafted handshake fragment. This fragment declares a zero length payload but specifies a non zero fragment offset, while the overall handshake message has a non empty expected length.
- The GnuTLS reassembly code accepts this malformed fragment without adequate validation.
- When computing the remaining bytes to reassemble, the code subtracts the fragment length (zero) from a value derived from the offset and total message length. Due to the mismatch between the zero length and non zero offset, an integer underflow occurs.
- The underflowed value is then used as a size or index parameter in a subsequent memory read operation, causing the library to read beyond the bounds of the allocated heap buffer.
- This out of bounds read can crash the process (denial of service) or, depending on heap layout and application behavior, may leak portions of heap memory back to the attacker (information disclosure).
Because DTLS operates over UDP, the attacker does not need to complete a TCP handshake, further lowering the barrier to exploitation. A single crafted UDP packet during the initial handshake, before any session is established, can trigger the flaw.
Related Vulnerabilities Fixed in the Same Release
This flaw was discovered and reported by Joshua Rogers of the AISLE Research Team and is tracked under vendor advisory GNUTLS SA 2026 04 29 3. It was patched alongside two other DTLS reassembly vulnerabilities:
| Vulnerability ID | Vendor Advisory | Impact | CVSS Score | Fix Version |
|---|---|---|---|---|
| CVE-2026-33845 | GNUTLS SA 2026 04 29 3 | Remotely triggerable underflow leading to heap overrun | 7.5 High | 3.8.13 |
| CVE-2026-42009 | GNUTLS SA 2026 04 29 2 | Comparator function contract violation causing undefined behavior | 7.5 High | 3.8.13 |
| CVE-2026-33846 | GNUTLS SA 2026 04 29 1 | Missing boundary checks enabling heap overwrite | 7.5 High | 3.8.13 |
The concurrent resolution of all three vulnerabilities underscores the complexity and fragility of the previous DTLS fragment reassembly implementation.
Affected Systems and Versions
The vulnerability affects GnuTLS versions in the 3.8.x branch prior to 3.8.13. The fix was released in GnuTLS 3.8.13 on April 29, 2026. Any application or service linked against a vulnerable version of GnuTLS that accepts DTLS connections is potentially affected. This includes but is not limited to:
- VPN concentrators and gateways using GnuTLS for DTLS tunneling
- WebRTC infrastructure
- IoT gateways and embedded devices
- Mail servers and other network services configured with DTLS support
Red Hat has issued security advisories RHSA-2026:5585 and RHSA-2026:3477 for affected packages in their distribution.
Vendor Security History
GnuTLS maintains a transparent security advisory process and has historically responded rapidly to disclosed vulnerabilities. The simultaneous release of fixes for three related DTLS reassembly flaws (CVE-2026-33845, CVE-2026-42009, and CVE-2026-33846) in version 3.8.13 demonstrates a coordinated approach to security hardening. The fact that three distinct vulnerabilities were found in the same subsystem suggests that the DTLS fragment reassembly code had accumulated technical debt, but the vendor's willingness to address all three in a single release and publish clear advisories reflects well on their security posture.
