CVE-2026-33307 | airtower-luna mod_gnutls up to 0.12.2 on Apache gnutls_x509_crt_init x509[] stack-based overflow

VDB-352637 · CVE-2026-33307 · GCVE-0-2026-33307 AIRTOWER-LUNA MOD_GNUTLS UP TO 0.12.2 ON APACHE GNUTLS_X509_CRT_INIT X509[] STACK-BASED OVERFLOW HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 6.3 $0-$5k 1.54+ Summaryinfo A vulnerability was found in airtower-luna mod_gnutls up to 0.12.2 on Apache. It has been classified as critical. Affected is the function gnutls_x509_crt_init. The manipulation of the argument x509[] leads to stack-based overflow. This vulnerability is uniquely identified as CVE-2026-33307. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended. Detailsinfo A vulnerability was found in airtower-luna mod_gnutls up to 0.12.2 on Apache. It has been rated as critical. This issue affects the function gnutls_x509_crt_init. The manipulation of the argument x509[] with an unknown input leads to a stack-based overflow vulnerability. Using CWE to declare the problem leads to CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Impacted is availability. The summary by CVE is: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less than or equal to the array size. `gnutls_x509_crt_t` is a `typedef` for a pointer to an opaque GnuTLS structure created using with `gnutls_x509_crt_init()` before importing certificate data into it, so no attacker-controlled data was written into the stack buffer, but writing a pointer after the last array element generally triggered a segfault, and could theoretically cause stack corruption otherwise (not observed in practice). Server configurations that do not use client certificates (`GnuTLSClientVerify ignore`, the default) are not affected. The problem has been fixed in version 0.12.3 by checking the length of the provided certificate chain and rejecting it if it exceeds the buffer length, and in version 0.13.0 by rewriting certificate verification to use `gnutls_certificate_verify_peers()`, removing the need for the buffer entirely. There is no workaround. Version 0.12.3 provides the minimal fix for users of 0.12.x who do not wish to upgrade to 0.13.0 yet. The weakness was disclosed by SegFault. The advisory is shared at github.com. The identification of this vulnerability is CVE-2026-33307 since 03/18/2026. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available. Upgrading to version 0.12.3 eliminates this vulnerability. Productinfo Type Network Encryption Software Vendor airtower-luna Name mod_gnutls Version 0.12.0 0.12.1 0.12.2 Website Product: https://github.com/airtower-luna/mod_gnutls/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 6.4 VulDB Meta Temp Score: 6.3 VulDB Base Score: 5.3 VulDB Temp Score: 5.1 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 7.5 CNA Vector (GitHub_M): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Stack-based overflow CWE: CWE-121 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: mod_gnutls 0.12.3 Timelineinfo 03/18/2026 CVE reserved 03/24/2026 +6 days Advisory disclosed 03/24/2026 +0 days VulDB entry created 03/24/2026 +0 days VulDB entry last update Sourcesinfo Product: github.com Advisory: github.com Researcher: SegFault Status: Confirmed CVE: CVE-2026-33307 (🔒) GCVE (CVE): GCVE-0-2026-33307 GCVE (VulDB): GCVE-100-352637 Entryinfo Created: 03/24/2026 02:52 Changes: 03/24/2026 02:52 (68) Complete: 🔍 Cache ID: 99:D91:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸