CVE-2026-42015

Published: May 3, 2026Last modified: May 11, 2026

Description

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.

Severity score breakdown

ParameterValue
Base score5.3
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgnutlsFixed (3.8.13-r0)
25 LTSgnutlsFixed (3.8.13-r0)
StreamgnutlsFixed (3.8.13-r0)

References

ON THIS PAGE