libgnutls Heap Overread Vulnerability in RSA Key Exchange with PKCS#11 Keys

Vulnerability

A memory corruption vulnerability allowing information disclosure has been identified in libgnutls. The issue arises when a remote attacker sends an extremely short premaster secret during an RSA key exchange to a server whose RSA key is backed by a PKCS#11 token. Doing so can trigger a short heap overread, giving the attacker unauthorized access to memory.

Impact

Exploitation of this vulnerability causes a heap overread, allowing a remote attacker to read sensitive information from memory.
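
The trigger described above is a premaster secret far shorter than the 48 bytes a TLS RSA key exchange expects. As an added illustration (not GnuTLS code and not part of this advisory), the C function below shows length-checked handling of a decrypted premaster secret in the style RFC 5246 section 7.4.7.1 recommends; select_premaster and its parameters are hypothetical names, and the inputs in main are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48 /* TLS RSA premaster secret: 2 version bytes + 46 random bytes */

/* Hypothetical helper, not a GnuTLS function.
 * decrypted/decrypted_len: whatever the RSA decryption (for instance a PKCS#11
 * token) returned; fallback: PMS_LEN random bytes drawn before decrypting.
 * Writes PMS_LEN bytes to out. Returns 1 if the decrypted secret was accepted,
 * 0 if the random fallback was substituted. */
int select_premaster(const uint8_t *decrypted, size_t decrypted_len,
                     uint8_t ver_major, uint8_t ver_minor,
                     const uint8_t *fallback, uint8_t *out)
{
    uint8_t candidate[PMS_LEN];
    size_t n = decrypted_len < PMS_LEN ? decrypted_len : PMS_LEN;
    uint8_t bad, mask;

    /* Start from the fallback, then overlay only the bytes that really exist,
     * so every later read is inside candidate[] even for a 0- or 1-byte input. */
    memcpy(candidate, fallback, PMS_LEN);
    if (decrypted != NULL && n > 0)
        memcpy(candidate, decrypted, n);

    bad = (uint8_t)(decrypted == NULL || decrypted_len != PMS_LEN);
    bad |= (uint8_t)(candidate[0] ^ ver_major);
    bad |= (uint8_t)(candidate[1] ^ ver_minor);
    mask = (uint8_t)(bad ? 0xFF : 0x00);

    /* Same loop on both outcomes: a malformed secret is replaced, not rejected. */
    for (size_t i = 0; i < PMS_LEN; i++)
        out[i] = (uint8_t)((candidate[i] & (uint8_t)~mask) | (fallback[i] & mask));
    return mask == 0;
}

int main(void)
{
    /* Constructed inputs: a fixed "random" fallback and a 1-byte decryption result. */
    uint8_t fallback[PMS_LEN], out[PMS_LEN], tiny[1] = { 0x03 };
    memset(fallback, 0xAA, sizeof fallback);
    int used = select_premaster(tiny, sizeof tiny, 3, 3, fallback, out);
    printf("1-byte secret accepted: %d, out[1]=0x%02X\n", used, out[1]);
    return 0;
}
```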

Added: May 26, 2026, 11:41 PM
Updated: May 26, 2026, 11:41 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 0.6
exploitability: 7.0
remediation: 8.3
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.