CVE-2026-42009
Public on 2026-05-02
Modified on 2026-05-02
Description
The comparator function used for ordering DTLS packets by sequence numbers did not follow qsort comparator contracts in case of packets with duplicate sequence numbers, which could lead to undefined behaviour.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | gnutls | 2026-06-08 | ALAS2-2026-3324 | Fixed |
| Amazon Linux 2023 | gnutls | 2026-05-26 | ALAS2023-2026-1757 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |