HIGH | CVE-2026-5260 | CNA: redhat
CVE-2026-5260: GnuTLS: information disclosure via heap overread in RSA key exchange
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
Metrics
- CVSS v3.1: 8.2
- Severity: HIGH
- Fixed in: 0:3.6.16-8.el8_10.6
- Affected Products: 8
Fix available: 0:3.6.16-8.el8_10.6
Affected packages
- Red Hat / Red Hat Enterprise Linux 8 (Fixed in 0:3.6.16-8.el8_10.6)
- Red Hat / Red Hat Enterprise Linux 8 (Fixed in 0:3.6.16-8.el8_10.6)
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 6
- Red Hat / Red Hat Enterprise Linux 7
- Red Hat / Red Hat Enterprise Linux 9
- Red Hat / Red Hat Hardened Images
- Red Hat / Red Hat OpenShift Container Platform 4
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H