Bug 2467279 (CVE-2026-42009)
| Summary: | CVE-2026-42009 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | kshier, rhel-process-autobot, stcannon, teagle, watson-tool-maintainers, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-05-06 16:35:48 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:20611 https://access.redhat.com/errata/RHSA-2026:20611 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:20613 https://access.redhat.com/errata/RHSA-2026:20613 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:20612 https://access.redhat.com/errata/RHSA-2026:20612 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:26409 https://access.redhat.com/errata/RHSA-2026:26409 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:30004 https://access.redhat.com/errata/RHSA-2026:30004 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:30850 https://access.redhat.com/errata/RHSA-2026:30850 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:30849 https://access.redhat.com/errata/RHSA-2026:30849 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:32962 https://access.redhat.com/errata/RHSA-2026:32962 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:33125 https://access.redhat.com/errata/RHSA-2026:33125 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.22 Via RHSA-2026:29794 https://access.redhat.com/errata/RHSA-2026:29794 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:34372 https://access.redhat.com/errata/RHSA-2026:34372 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.20 Via RHSA-2026:34788 https://access.redhat.com/errata/RHSA-2026:34788 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.21 Via RHSA-2026:34764 https://access.redhat.com/errata/RHSA-2026:34764 |