GnuTLS
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*
- < 10
- < 8
- < 7
- < 9
- < 6
A memory corruption vulnerability has been identified in GnuTLS, specifically within the PKCS#12 bag element handling. An off-by-one error in the bounds check allows a remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could result in a denial-of-service (DoS) condition or potentially other unspecified impacts.
Exploitation of this vulnerability leads to memory corruption, which can cause crashes or instability in the application. Such corruption may also allow for unauthorized modification of memory, with the potential for executing arbitrary code, depending on the context of the overflow.
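The following is an added illustration, not GnuTLS source code: a small model of a 32-slot container showing how an off-by-one bounds check admits one append too many, next to the corrected check. The struct, the function names, the guard slot and the `>` versus `>=` form of the check are assumptions made for the example; the page does not show the actual GnuTLS check.

```c
#include <stdio.h>

#define BAG_MAX 32           /* capacity stated in the advisory */
#define GUARD   0x5AFE5AFEu  /* constructed marker value */

/* Hypothetical model: BAG_MAX usable slots plus one guard slot that
 * stands in for whatever memory follows the real array. */
struct bag_model {
    unsigned int slots[BAG_MAX + 1];
    int count;
};

static void bag_init(struct bag_model *b) {
    for (int i = 0; i < BAG_MAX; i++) b->slots[i] = 0;
    b->slots[BAG_MAX] = GUARD;
    b->count = 0;
}

/* Off-by-one check: only rejects once count is already past capacity,
 * so a full bag (count == BAG_MAX) is accepted and index BAG_MAX is written. */
static int append_off_by_one(struct bag_model *b, unsigned int v) {
    if (b->count > BAG_MAX) return -1;
    b->slots[b->count++] = v;
    return 0;
}

/* Corrected check: a full bag is rejected before any write happens. */
static int append_checked(struct bag_model *b, unsigned int v) {
    if (b->count >= BAG_MAX) return -1;
    b->slots[b->count++] = v;
    return 0;
}

/* Fill to capacity, attempt a 33rd append, return 1 if the guard survived. */
static int run(int (*append)(struct bag_model *, unsigned int)) {
    struct bag_model b;
    bag_init(&b);
    for (int i = 0; i < BAG_MAX + 1; i++) append(&b, 0x41u + (unsigned int)i);
    return b.slots[BAG_MAX] == GUARD;
}

int main(void) {
    printf("off-by-one check: guard %s\n", run(append_off_by_one) ? "intact" : "overwritten");
    printf("corrected check:  guard %s\n", run(append_checked) ? "intact" : "overwritten");
    return 0;
}
```

A regression test for this class of bug should exercise the exact boundary: fill the container to its stated capacity, attempt one more append, and assert that the call fails.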
Users can upgrade to GnuTLS versions included in the Red Hat Enterprise Linux 8, 9, and 10 errata RHSA-2026:20611, RHSA-2026:20612, and RHSA-2026:20613 respectively. For Red Hat OpenShift Container Platform 4, the fix is deferred.