CVE-2024-3049

EPSS 0.99%
Veröffentlicht 06.06.2024 06:15:09
Zuletzt bearbeitet 02.10.2025 14:15:42
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clusterlabs ≫ Booth Version < 1.1

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.2_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.4_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.2_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.762

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
secalert@redhat.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://access.redhat.com/errata/RHSA-2024:3657

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:3658

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:3659

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:3660

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:3661

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:4400

https://access.redhat.com/errata/RHSA-2024:4411

https://access.redhat.com/security/cve/CVE-2024-3049

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2272082

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/

https://github.com/ClusterLabs/booth/pull/142

https://nvd.nist.gov/vuln/detail/CVE-2024-3049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3049

EUVD