Verifying Certificates with large amout of name constraints and subject alternative names makes GnuTLS vulnerable to DoS attacks When trying to verify a certificate chain using the certtool --verify command, with certificates, that contain a larger number of SANs and Name Constraints, GnuTLS tries to verify all of them, without any bound on the quantity of those fields. Using those crafted malicious certificate, GnuTLS is vulnerable to DoS attacks by excessive usage of CPU and memory.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:3477 https://access.redhat.com/errata/RHSA-2026:3477
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:4188 https://access.redhat.com/errata/RHSA-2026:4188
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:5585 https://access.redhat.com/errata/RHSA-2026:5585
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:6618 https://access.redhat.com/errata/RHSA-2026:6618
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:6630 https://access.redhat.com/errata/RHSA-2026:6630
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:6737 https://access.redhat.com/errata/RHSA-2026:6737
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:6738 https://access.redhat.com/errata/RHSA-2026:6738
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812