CVE-2024-3049 | THREATINT

Assigner	redhat
Reserved	2024-03-28
Published	2024-06-06
Updated	2024-09-24

Description

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

MEDIUM: 5.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

Insufficient Verification of Data Authenticity

Product status

Default status

affected

0:1.1-1.el8_10.1 before *

unaffected

Default status

affected

0:1.0-199.1.ac1d34c.git.el8_4.2 before *

unaffected

Default status

affected

0:1.0-199.1.ac1d34c.git.el8_4.2 before *

unaffected

Default status

affected

0:1.0-199.1.ac1d34c.git.el8_6.2 before *

unaffected

Default status

affected

0:1.0-199.1.ac1d34c.git.el8_6.2 before *

unaffected

Default status

affected

0:1.0-283.1.9d4029a.git.el8_8.1 before *

unaffected

Default status

affected

0:1.1-1.el9_4.1 before *

unaffected

Default status

affected

0:1.0-251.3.bfb2f92.git.el9_0.2 before *

unaffected

Default status

affected

0:1.0-283.1.9d4029a.git.el9_2.1 before *

unaffected

Default status

affected

Timeline

2024-03-28:	Reported to Red Hat.
2024-05-27:	Made public.

References

https://access.redhat.com/errata/RHSA-2024:3657 (RHSA-2024:3657) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:3658 (RHSA-2024:3658) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:3659 (RHSA-2024:3659) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:3660 (RHSA-2024:3660) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:3661 (RHSA-2024:3661) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4400 (RHSA-2024:4400) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4411 (RHSA-2024:4411) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-3049 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2272082 (RHBZ#2272082) issue-tracking

cve.org CVE-2024-3049

nvd.nist.gov CVE-2024-3049

Download JSON