5.9
CVE-2024-3049
- EPSS 0.54%
- Veröffentlicht 06.06.2024 06:15:09
- Zuletzt bearbeitet 02.10.2025 14:15:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clusterlabs ≫ Booth Version < 1.1
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Version9.2_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Version9.4_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.2_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.4_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| secalert@redhat.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
https://access.redhat.com/errata/RHSA-2024:3657
https://access.redhat.com/errata/RHSA-2024:3658
https://access.redhat.com/errata/RHSA-2024:3659
https://access.redhat.com/errata/RHSA-2024:3660
https://access.redhat.com/errata/RHSA-2024:3661
https://access.redhat.com/errata/RHSA-2024:4400
https://access.redhat.com/errata/RHSA-2024:4411
https://access.redhat.com/security/cve/CVE-2024-3049
https://bugzilla.redhat.com/show_bug.cgi?id=2272082
https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/
https://github.com/ClusterLabs/booth/pull/142