PT-2026-27302 · Gnutls+2

Ireneusz Pastusiak · Published 2026-03-24 · Updated 2026-03-25

CVE-2026-33307

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
mod_gnutls versions prior to 0.12.3
mod_gnutls versions prior to 0.13.0

Description
mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where the client certificate verification code imports the certificate chain sent by the client into a fixed-size array, gnutls_x509_crt_t x509[], without checking whether the number of certificates exceeds the array size. gnutls_x509_crt_t is a pointer to an opaque GnuTLS structure created with gnutls_x509_crt_init() before certificate data is imported into it. Although attacker-controlled data is not written into the stack buffer, writing a pointer past the last array element can trigger a segmentation fault or potentially cause stack corruption. Server configurations that do not use client certificates (GnuTLSClientVerify ignore) are not affected.

Recommendations
mod_gnutls versions prior to 0.12.3 should be upgraded to version 0.12.3 or later. mod_gnutls versions prior to 0.13.0 should be upgraded to version 0.13.0 or later.
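An added illustration of the missing bounds check described above; this is not mod_gnutls source. It uses a stand-in for the opaque gnutls_x509_crt_t handle, a hypothetical MAX_CHAIN_LENGTH, and a constructed peer chain that carries only a certificate count; the vulnerable loop shape is shown as a comment and only the checked import is compiled.

```c
#include <stddef.h>
#include <stdlib.h>

#define MAX_CHAIN_LENGTH 8   /* hypothetical array size; not mod_gnutls's real value */

/* Stand-in for gnutls_x509_crt_t: a pointer to an opaque per-certificate object
 * that GnuTLS would create with gnutls_x509_crt_init() before import. */
typedef struct cert_obj { size_t index; } *cert_handle_t;

/* Constructed input: the client's chain, reduced to the number of certs it carries. */
struct peer_chain { size_t count; };

enum { IMPORT_E_TOO_LONG = -1, IMPORT_E_NOMEM = -2 };

/* Vulnerable shape (comment only, not compiled): the loop trusts chain->count.
 *
 *     cert_handle_t x509[MAX_CHAIN_LENGTH];
 *     for (size_t i = 0; i < chain->count; i++)   // never compared to MAX_CHAIN_LENGTH
 *         x509[i] = init_handle(i);               // pointers land past x509[MAX-1]
 */

/* Hardened import: reject an over-long chain before the array is touched.
 * Returns the number of handles placed in out[0..n-1] or a negative error. */
int import_chain_checked(const struct peer_chain *chain, cert_handle_t *out, size_t n_out) {
    if (chain->count > n_out) return IMPORT_E_TOO_LONG;   /* the bounds check the bug lacked */
    for (size_t i = 0; i < chain->count; i++) {
        cert_handle_t c = malloc(sizeof *c);
        if (!c) { for (size_t j = 0; j < i; j++) free(out[j]); return IMPORT_E_NOMEM; }
        c->index = i;
        out[i] = c;
    }
    return (int)chain->count;
}

void free_chain(cert_handle_t *out, int n) { for (int i = 0; i < n; i++) free(out[i]); }

/* Mirrors a verifier with a fixed-size local array: a chain of up to
 * MAX_CHAIN_LENGTH certs is imported and released, anything longer is refused. */
int verify_peer_chain(size_t chain_len) {
    cert_handle_t x509[MAX_CHAIN_LENGTH];
    struct peer_chain chain = { chain_len };
    int n = import_chain_checked(&chain, x509, MAX_CHAIN_LENGTH);
    if (n < 0) return n;            /* over-long chain: fail closed, array untouched */
    /* chain verification of x509[0..n-1] would follow here */
    free_chain(x509, n);
    return n;
}
```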

Weakness Enumeration

Stack Overflow

Related Identifiers

CVE-2026-33307
GHSA-GJPM-55P4-C76R

Affected Products

Apache Httpd
Gnutls
Mod-Gnutls