CVE-2026-10028: glib-networking GnuTLS后端证书链死锁DoS漏洞分析

漏洞概述 漏洞编号: CVE-2026-10028 漏洞描述: 在 的 GnuTLS 后端中，存在一个无限循环漏洞，允许远程攻击者通过提供包含循环证书链的证书进行拒绝服务攻击。 影响组件: 严重程度: 低 优先级: 低 影响范围 受影响版本: 操作系统: Linux 硬件: 所有 组件: 产品: Security Response 状态: NEW 报告时间: 2026-05-04 14:38 UTC 修改时间: 2026-05-20 22:28 UTC CC列表: 5 users (china) 固定版本: 未指定 关闭原因: 未指定 环境: 未指定 最后关闭: 未指定 Embargoed: 未指定 修复方案 补丁可用性: 未发布补丁 修复建议: - 添加循环检测和合理的深度限制，在转换证书链时，如果检测到格式错误的循环链，则失败。 - 避免将客户端证书验证暴露给不受信任的远程方，除非必要，优先使用替代 TLS 后端。 - 如果部署中可用，实施并强制执行服务器或工作器超时，以防止验证线程长时间占用资源。 POC代码 ```c diff --git a/gtls/gtlsdatabase-gnutls.c b/gtls/gtlsdatabase-gnutls.c index 0000000000000000000000000000000000000000..1234567890abcdef1234567890abcdef12345678 --- /dev/null +++ b/gtls/gtlsdatabase-gnutls.c @@ -0,0 +1,100 @@ +/ GnuTLS database backend for GnuTLS Copyright (C) 2023 Red Hat, Inc. This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Author: Alexander Larsson / +#include "config.h" +#include "gtlsdatabase-gnutls.h" +#include +#include +#include "gtls-certificate.h" +#include "gtls-database.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-private.h" +#include "gtls-database-pr

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2026-10028: glib-networking GnuTLS后端证书链死锁DoS漏洞分析

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2026-10028: glib-networking GnuTLS后端证书链死锁DoS漏洞分析

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！