← voltar
CVE-2026-42013

Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

CVSS 8.2 HIGHEPSS 0.3%CWE-1284
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Produtos afetados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Update Infrastructure 5

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2026:20611https://access.redhat.com/errata/RHSA-2026:20612https://access.redhat.com/errata/RHSA-2026:20613https://access.redhat.com/errata/RHSA-2026:26319https://access.redhat.com/errata/RHSA-2026:26409https://access.redhat.com/security/cve/CVE-2026-42013https://bugzilla.redhat.com/show_bug.cgi?id=2467448