5.9

CVE-2024-3049

Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.408
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
secalert@redhat.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://access.redhat.com/errata/RHSA-2024:3657
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3658
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3659
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3660
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3661
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4400
https://access.redhat.com/errata/RHSA-2024:4411
https://access.redhat.com/security/cve/CVE-2024-3049
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2272082
Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/
https://github.com/ClusterLabs/booth/pull/142