THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-28835

Gnutls: potential crash during chain building/verification

Reserved:2024-03-11
Published:2024-03-21
Updated:2024-05-16

Description

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.



MEDIUM: 5.0CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Problem types

Uncaught Exception

Product status

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-21.el9_2.3 before *
unaffected

Default status
unknown

Default status
unknown

Default status
unaffected

Timeline

2024-03-11:Reported to Red Hat.
2024-03-21:Made public.

References

http://www.openwall.com/lists/oss-security/2024/03/22/1

http://www.openwall.com/lists/oss-security/2024/03/22/2

https://access.redhat.com/errata/RHSA-2024:1879 (RHSA-2024:1879) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2570 (RHSA-2024:2570) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2889 (RHSA-2024:2889) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-28835 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2269084 (RHBZ#2269084) issue-tracking

https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

cve.org CVE-2024-28835

nvd.nist.gov CVE-2024-28835

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-28835