GnuTLS Vulnerability CVE-2026-33845: Underflow Leads to Remote Exploitation

The National Vulnerability Database has detailed CVE-2026-33845, a critical flaw in GnuTLS’s DTLS handshake parsing. An attacker triggers it by sending a malformed handshake fragment with a zero length and a non-zero offset; during packet reassembly this causes an integer underflow, which leads to an out-of-bounds read. The National Vulnerability Database confirms the vulnerability is remotely exploitable, posing a significant risk of information disclosure or denial of service.

While the National Vulnerability Database does not list specific affected products, the CVSS score of 7.5 (HIGH) underscores the severity. The attack vector is network-based (AV:N) and requires neither privileges (PR:N) nor user interaction (UI:N), making exploitation straightforward for threat actors. Classified as CWE-191 (integer underflow), it is a classic path to memory corruption that defenders must prioritize.
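As an added example (not GnuTLS code), the validator below parses the 12-byte DTLS handshake fragment header and rejects the zero-length, non-zero-offset shape described above before any reassembly arithmetic runs. DTLS fragments travel inside UDP datagrams rather than HTTP requests, so this parser-side check is where the condition is actually observable; the field layout follows RFC 6347 section 4.2.2, and rejecting such fragments outright is an assumed hardening policy, not an RFC requirement.

```c
/* Added example: an underflow-safe validator for the 12-byte DTLS handshake
 * fragment header (RFC 6347, section 4.2.2). Illustrative code, not GnuTLS's
 * parser; rejecting zero-length fragments at a non-zero offset is an assumed
 * hardening policy, not an RFC requirement. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#define DTLS_HS_HDR_LEN 12 /* type(1) length(3) msg_seq(2) frag_off(3) frag_len(3) */

typedef struct {
    uint8_t  msg_type;
    uint32_t length;   /* total handshake message length */
    uint16_t msg_seq;
    uint32_t frag_off; /* offset of this fragment within the message */
    uint32_t frag_len; /* bytes of message body carried in this datagram */
} dtls_hs_hdr;

static uint32_t rd24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Returns 1 if the fragment may be copied into a `length`-byte reassembly
 * buffer, 0 otherwise. Sums are computed in 64 bits so they cannot wrap, and
 * no `length - frag_off` style subtraction is done on unvalidated input. */
int dtls_fragment_is_valid(const uint8_t *buf, size_t buflen, dtls_hs_hdr *h) {
    if (buf == NULL || h == NULL || buflen < DTLS_HS_HDR_LEN) return 0;
    h->msg_type = buf[0];
    h->length   = rd24(buf + 1);
    h->msg_seq  = (uint16_t)(((uint16_t)buf[4] << 8) | buf[5]);
    h->frag_off = rd24(buf + 6);
    h->frag_len = rd24(buf + 9);
    /* The shape the advisory describes: nothing to place, yet an offset. */
    if (h->frag_len == 0 && h->frag_off != 0) return 0;
    /* The fragment must lie entirely inside the full message ... */
    if ((uint64_t)h->frag_off + h->frag_len > h->length) return 0;
    /* ... and the datagram must really carry frag_len body bytes. */
    if ((uint64_t)DTLS_HS_HDR_LEN + h->frag_len > buflen) return 0;
    return 1;
}

int dtls_check(const uint8_t *buf, size_t buflen) { dtls_hs_hdr h; return dtls_fragment_is_valid(buf, buflen, &h); }

/* Constructed sample datagrams (not captured traffic): a complete 16-byte
 * ClientHello body, and a header with frag_len = 0 but frag_off = 1. */
static const uint8_t SAMPLE_OK[28]  = {1, 0,0,16, 0,0, 0,0,0, 0,0,16};
static const uint8_t SAMPLE_BAD[12] = {1, 0,0,16, 0,0, 0,0,1, 0,0,0};

int main(void) {
    printf("ok fragment:  %d\n", dtls_check(SAMPLE_OK, sizeof SAMPLE_OK));   /* 1 */
    printf("bad fragment: %d\n", dtls_check(SAMPLE_BAD, sizeof SAMPLE_BAD)); /* 0 */
    return 0;
}
```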

What This Means For You

  • If your organization uses GnuTLS for DTLS communication, prioritize patching or mitigating CVE-2026-33845 immediately. The vulnerability allows remote exploitation without user interaction, potentially leading to sensitive data exposure or system unavailability. Focus on systems that handle DTLS traffic and review NVD's advisory for any product-specific guidance.

🛡️ Detection Rules

Severity: critical · ATT&CK: T1190 Initial Access

GnuTLS DTLS Handshake Underflow Exploit Attempt - CVE-2026-33845

Sigma YAML
title: GnuTLS DTLS Handshake Underflow Exploit Attempt - CVE-2026-33845
id: scw-2026-04-30-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-33845 by looking for DTLS handshake traffic on port 443 with specific malformed fragment parameters (zero length and non-zero offset) that trigger the integer underflow vulnerability in GnuTLS. This is a direct indicator of an initial access attempt exploiting this specific flaw.
author: SCW Feed Engine (AI-generated)
date: 2026-04-30
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-33845/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: firewall
detection:
  selection:
    dst_port:
      - 443
    src_ip:
      - '0.0.0.0/0'
    dst_ip:
      - '0.0.0.0/0'
    action:
      - 'allow'
    uri|contains:
      - '/dtls/handshake'
    cs-uri-query|contains:
      - 'fragment_len=0&offset=1'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Indicators of Compromise

ID | Type | Indicator
CVE-2026-33845 | Information Disclosure | GnuTLS DTLS handshake parsing flaw
CVE-2026-33845 | DoS | GnuTLS DTLS handshake parsing flaw
CVE-2026-33845 | Memory Corruption | Integer underflow during reassembly in GnuTLS DTLS handshake parsing
CVE-2026-33845 | Buffer Overflow | Out-of-bounds read in GnuTLS DTLS handshake parsing

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 30, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
