2456338 – (CVE-2026-32283) CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

Bug 2456338 (CVE-2026-32283) - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

Summary: CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multi...

Keywords:
Status:	NEW
Alias:	CVE-2026-32283
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2457798
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-08 02:01 UTC by OSIDB Bzimport
Modified:	2026-05-06 21:10 UTC (History)
CC List:	143 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:10217	None	None	None	2026-04-23 21:35:57 UTC
Red Hat Product Errata	RHSA-2026:10219	None	None	None	2026-04-24 02:33:45 UTC
Red Hat Product Errata	RHSA-2026:10704	None	None	None	2026-04-27 02:09:38 UTC
Red Hat Product Errata	RHSA-2026:11507	None	None	None	2026-04-29 07:28:18 UTC
Red Hat Product Errata	RHSA-2026:11514	None	None	None	2026-04-29 08:02:12 UTC
Red Hat Product Errata	RHSA-2026:11704	None	None	None	2026-04-29 13:03:41 UTC
Red Hat Product Errata	RHSA-2026:11711	None	None	None	2026-04-29 13:27:15 UTC
Red Hat Product Errata	RHSA-2026:11712	None	None	None	2026-04-29 13:09:49 UTC
Red Hat Product Errata	RHSA-2026:11863	None	None	None	2026-04-29 17:50:39 UTC
Red Hat Product Errata	RHSA-2026:11881	None	None	None	2026-04-29 19:02:25 UTC
Red Hat Product Errata	RHSA-2026:14200	None	None	None	2026-05-06 15:29:50 UTC
Red Hat Product Errata	RHSA-2026:14391	None	None	None	2026-05-06 21:10:22 UTC

Description OSIDB Bzimport 2026-04-08 02:01:39 UTC

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Comment 5 errata-xmlrpc 2026-04-23 21:35:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10217 https://access.redhat.com/errata/RHSA-2026:10217

Comment 6 errata-xmlrpc 2026-04-24 02:33:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10219 https://access.redhat.com/errata/RHSA-2026:10219

Comment 7 errata-xmlrpc 2026-04-27 02:09:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10704 https://access.redhat.com/errata/RHSA-2026:10704

Comment 8 errata-xmlrpc 2026-04-29 07:28:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11507 https://access.redhat.com/errata/RHSA-2026:11507

Comment 9 errata-xmlrpc 2026-04-29 08:02:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11514 https://access.redhat.com/errata/RHSA-2026:11514

Comment 12 errata-xmlrpc 2026-04-29 13:03:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11704 https://access.redhat.com/errata/RHSA-2026:11704

Comment 13 errata-xmlrpc 2026-04-29 13:09:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11712 https://access.redhat.com/errata/RHSA-2026:11712

Comment 14 errata-xmlrpc 2026-04-29 13:27:07 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11711 https://access.redhat.com/errata/RHSA-2026:11711

Comment 15 errata-xmlrpc 2026-04-29 17:50:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11863 https://access.redhat.com/errata/RHSA-2026:11863

Comment 16 errata-xmlrpc 2026-04-29 19:02:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11881 https://access.redhat.com/errata/RHSA-2026:11881

Comment 19 errata-xmlrpc 2026-05-06 15:29:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:14200 https://access.redhat.com/errata/RHSA-2026:14200

Comment 20 errata-xmlrpc 2026-05-06 21:10:12 UTC

This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:14391 https://access.redhat.com/errata/RHSA-2026:14391

Note You need to log in before you can comment on or make changes to this bug.

aazores
abarbaro
abrianik
akostadi
akoudelk
alcohan
alebedev
alizardo
amasferr
anjoseph
anpicker
ansmith
anthomas
ataylor
bbrownin
bdettelb
bparees
chfoley
ckandaga
cmah
crizzo
csutherl
dbruscin
dhanak
dmayorov
doconnor
drosa
dschmidt
dsimansk
dsoumis
dymurray
eaguilar
ebaron
eborisov
eglynn
ehelms
erezende
ewittman
fdeutsch
ggainey
ggrzybek
gparvin
hasun
ibolton
janstey
jbalunas
jburrell
jcantril
jchui
jclere
jeder
jfula
jhe
jjoyce
jkoehler
jlanda
jlledo
jmatthew
jmontleo
jolong
jowilson
jprabhak
jpretori
jraez
jschluet
juwatts
kingland
kshier
ktsao
kvanderr
kverlaen
lball
lbragsta
lchilton
lgamliel
lhh
lphiri
manissin
mbocek
mburns
mgarciac
mhulan
mnovotny
mrunge
mwringe
nboldt
ngough
nipatil
nmoumoul
nyancey
oaljalju
ometelka
oramraz
osousa
pahickey
pantinor
parichar
pcreech
peholase
pgaikwad
pjindal
plodge
psrna
ptisnovs
pvasanth
rchan
rfreiman
rgodfrey
rhaigner
rhel-process-autobot
rjohnson
rkubis
rmaucher
rojacob
sakbas
sausingh
sdawley
sfeifer
simaishi
slucidi
smallamp
smcdonal
smullick
sseago
stcannon
stirabos
swoodman
syedriko
szappis
tasato
teagle
thason
tmalecek
tsedmik
veshanka
vimartin
vkarehfa
watson-tool-maintainers
wenshen
whayutin
wtam
xdharmai
yguenane