cvedb.io
CVE-2026-33307
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-03-24T02:16:05.283 · Last modified 2026-06-17T10:37:17.667

Summary

mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, the code for client certificate verification imported the certificate chain sent by the client into a fixed-size `gnutls_x509_crt_t x509[]` array without checking that the number of certificates was less than or equal to the array size. `gnutls_x509_crt_t` is a `typedef` for a pointer to an opaque GnuTLS structure, created with `gnutls_x509_crt_init()` before certificate data is imported into it, so no attacker-controlled data was written into the stack buffer; however, writing a pointer past the last array element generally triggered a segfault and could in theory cause stack corruption otherwise (not observed in practice). Server configurations that do not use client certificates (`GnuTLSClient
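The missing length check described above, as an added illustration in C that is not mod_gnutls or GnuTLS code: `stub_crt_t`, `MAX_CHAIN_LENGTH`, the error codes and the function names are hypothetical stand-ins for the GnuTLS objects and the module's own import loop.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the opaque GnuTLS certificate object; like
 * gnutls_x509_crt_t it is a pointer, so overflowing the array would write a
 * pointer, not attacker data, past the last element. */
typedef struct stub_crt { unsigned int index; } *stub_crt_t;

/* Fixed-size array, as in the vulnerable pattern. The size is an assumption. */
#define MAX_CHAIN_LENGTH 16

enum { IMPORT_OK = 0, IMPORT_E_TOO_MANY = -1, IMPORT_E_ALLOC = -2 };

/* Release the first `count` objects (gnutls_x509_crt_deinit() analogue). */
void free_chain(stub_crt_t chain[], unsigned int count)
{
    for (unsigned int i = 0; i < count; i++) {
        free(chain[i]);
        chain[i] = NULL;
    }
}

/* Hardened import: the vulnerable code looped over every certificate the
 * client sent; the fix is the length check before the loop, so a chain
 * longer than the array is rejected instead of written past its end. */
int import_chain_checked(stub_crt_t chain[MAX_CHAIN_LENGTH], unsigned int num_certs)
{
    if (num_certs > MAX_CHAIN_LENGTH)
        return IMPORT_E_TOO_MANY;
    for (unsigned int i = 0; i < num_certs; i++) {
        chain[i] = malloc(sizeof(**chain)); /* gnutls_x509_crt_init() analogue */
        if (chain[i] == NULL) {
            free_chain(chain, i);
            return IMPORT_E_ALLOC;
        }
        chain[i]->index = i;
    }
    return IMPORT_OK;
}

/* Driver: import a constructed chain of `n` certificates and report the result. */
int try_import(unsigned int n)
{
    stub_crt_t chain[MAX_CHAIN_LENGTH] = {0};
    int rc = import_chain_checked(chain, n);
    if (rc == IMPORT_OK)
        free_chain(chain, n);
    return rc;
}
```

A chain of 16 certificates fills the array and succeeds; 17 or more is rejected before any object is allocated.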

Affected products

mod_gnutls_project — mod_gnutls


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.