What is GHSA-9gx7-g5hv-xjjj?

GHSA-9gx7-g5hv-xjjj is a security advisory published by GitHub Security Advisories with High severity. A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport...

Which CVE IDs does GHSA-9gx7-g5hv-xjjj cover?

GHSA-9gx7-g5hv-xjjj covers the following CVE IDs: CVE-2026-42009. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9gx7-g5hv-xjjj?

GHSA-9gx7-g5hv-xjjj has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-9gx7-g5hv-xjjjHighCVSS 7.5

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-42009 →

📋 Description

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-42009
https://access.redhat.com/security/cve/CVE-2026-42009
https://bugzilla.redhat.com/show_bug.cgi?id=2467279
https://github.com/advisories/GHSA-9gx7-g5hv-xjjj