Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)

critical Nessus Plugin ID 316839

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

The remote host is affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory.

GnuTLS didn't check that DTLS fragments claimed a consistent message_length value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite. (CVE-2026-33846)

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure. (CVE-2026-3833)

The comparator function used for ordering DTLS packets by sequence numbers did not follow qsort comparator contracts in case of packets with duplicate sequence numbers, which could lead to undefined behaviour. (CVE-2026-42009)

Servers configured with RSA-PSK wrongly matched usernames containing a NUL character to usernames truncated at the NUL character, which could lead to an authentication bypass. (CVE-2026-42010)

Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin() with oldpin == NULL for a token lacking a protected authentication path led to a use-after-free. (CVE-2026-42014)

Appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array. (CVE-2026-42015)

For a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread. (CVE-2026-5260)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1757.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2026-33846.html

https://explore.alas.aws.amazon.com/CVE-2026-3833.html

https://explore.alas.aws.amazon.com/CVE-2026-42009.html

https://explore.alas.aws.amazon.com/CVE-2026-42010.html

https://explore.alas.aws.amazon.com/CVE-2026-42014.html

https://explore.alas.aws.amazon.com/CVE-2026-42015.html

https://explore.alas.aws.amazon.com/CVE-2026-5260.html

Plugin Details

Severity: Critical

ID: 316839

File Name: al2023_ALAS2023-2026-1757.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/26/2026

Updated: 5/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-42010

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:gnutls, p-cpe:/a:amazon:linux:gnutls-dane, p-cpe:/a:amazon:linux:gnutls-debuginfo, p-cpe:/a:amazon:linux:gnutls-devel, p-cpe:/a:amazon:linux:gnutls-utils, p-cpe:/a:amazon:linux:gnutls-c%2b%2b, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:gnutls-dane-debuginfo, p-cpe:/a:amazon:linux:gnutls-debugsource, p-cpe:/a:amazon:linux:gnutls-utils-debuginfo, p-cpe:/a:amazon:linux:gnutls-c%2b%2b-debuginfo

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/25/2026

Vulnerability Publication Date: 4/30/2026

Reference Information

CVE: CVE-2026-33846, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260

IAVA: 2026-A-0405