Threat Intel

v0.1

← CVEs

CVE-2026-33307

HIGH 7.5
Published
2026-03-24
Last Modified
2026-03-24
Affected Apps
14
Affected Devices
44
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less than or equal to the array size. `gnutls_x509_crt_t` is a `typedef` for a pointer to an opaque GnuTLS structure created using with `gnutls_x509_crt_init()` before importing certificate data into it, so no attacker-controlled data was written into the stack buffer, but writing a pointer after the last array element generally triggered a segfault, and could theoretically cause stack corruption otherwise (not observed in practice). Server configurations that do not use client certificates (`GnuTLSClientVerify ignore`, the default) are not affected. The problem has been fixed in version 0.12.3 by checking the length of the provided certificate chain and rejecting it if it exceeds the buffer length, and in version 0.13.0 by rewriting certificate verification to use `gnutls_certificate_verify_peers()`, removing the need for the buffer entirely. There is no workaround. Version 0.12.3 provides the minimal fix for users of 0.12.x who do not wish to upgrade to 0.13.0 yet.
Affected Applications in Environment 14
gnutls v3.6.16-8.el8_10.3
1 device
gnutls v3.8.3-6.el9
20 devices
gnutls v3.8.3-9.el9
5 devices
gnutls v3.6.16-8.el8_10.4
4 devices
gnutls v3.3.29-9.el7_6
1 device
gnutls v3.8.3-10.el9_7
2 devices
gnutls v3.8.3-6.el9_6.2
2 devices
gnutls v3.8.3-10.el9_7
1 device
gnutls v3.8.3-6.el9_6.2
1 device
gnutls v3.6.16-6.el8_7
2 devices
gnutls v3.6.16-8.el8_9.3
1 device
gnutls v3.6.16-8.el8_10.3
1 device
gnutls v3.8.10-3.el10_1
1 device
gnutls v3.6.16-8.el8_10.4
2 devices
Affected Devices 44
atc.db.usu.edu Linux chela03 Linux chela04 Linux chela05 Linux cleanaddressdev.banner.usu.edu Linux devjobsub.banner.usu.edu Linux dpapsb-161390.aggies.usu.edu Linux dpapsb-191594.mypc.usu.edu Linux el103-02.ece.usu.edu Linux el103-03.ece.usu.edu Linux el103-04.ece.usu.edu Linux el103-05.ece.usu.edu Linux el103-07.ece.usu.edu Linux el103-08.ece.usu.edu Linux el103-09.ece.usu.edu Linux el103-10.ece.usu.edu Linux el103-14.ece.usu.edu Linux el103-15.ece.usu.edu Linux el103-16.ece.usu.edu Linux el103-17.ece.usu.edu Linux el103-18.ece.usu.edu Linux el103-19.ece.usu.edu Linux el103-20.ece.usu.edu Linux el120-01.ece.usu.edu Linux el120-02.ece.usu.edu Linux el120-03.ece.usu.edu Linux el120-04.ece.usu.edu Linux el120-05.ece.usu.edu Linux el120-06.ece.usu.edu Linux el120-08.ece.usu.edu Linux el120-09.ece.usu.edu Linux el120-10.ece.usu.edu Linux el120-11.ece.usu.edu Linux el120-12.ece.usu.edu Linux el120-14.ece.usu.edu Linux eprocdev.banner.usu.edu Linux facreadyprod.pplant.usu.edu Linux facreadytestrhel.pplant.usu.edu Linux facshibsp2.pplant.usu.edu Linux guru.cluster Linux oms.db.usu.edu Linux paymentworksdev.banner.usu.edu Linux thinkstation Linux zldtst.db.usu.edu Linux
References 2