CVE-2026-1584
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 3.8.12-1.1.hum1 < * | unaffected |
Weaknesses
- CWE-476: NULL Pointer Dereference
Workarounds
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder
Additional References
- https://access.redhat.com/security/cve/CVE-2026-1584
- https://bugzilla.redhat.com/show_bug.cgi?id=2435258
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1584.json
- https://access.redhat.com/errata/RHSA-2026:7477
References
- https://access.redhat.com/errata/RHSA-2026:7477
- https://access.redhat.com/security/cve/CVE-2026-1584
- https://bugzilla.redhat.com/show_bug.cgi?id=2435258
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.