CVE-2024-28835 — Uncaught Exception in Azl3 Gnutls 3.8.3-2 ON Azure Linux 3.0

CWE-248 — Uncaught Exception10 documents7 sources

Severity

5.0MEDIUMNVD

OSV5.3

EPSS

0.0%

top 86.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gnutls28 Msrc Azl3 Gnutls 3.8.3-2 ON Azure Linux 3.0 Msrc Azl3 Gnutls 3.8.3-4 ON Azure Linux 3.0 +3 more

Timeline

PublishedMar 21

Latest updateApr 29

Description

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/gnutls28< gnutls28 3.7.9-2+deb12u3 (bookworm)

▶msrcmsrc/azl3_gnutls_3.8.3-2_on_azure_linux_3.0

▶msrcmsrc/azl3_gnutls_3.8.3-4_on_azure_linux_3.0

▶msrcmsrc/cbl2_gnutls_3.7.11-1_on_cbl_mariner_2.0

▶msrcmsrc/azure_linux_3.0_arm

🔴Vulnerability Details

OSV

gnutls28 vulnerabilities↗2024-04-29

▶

OSV

gnutls28 vulnerabilities↗2024-04-15

▶

OSV

CVE-2024-28835: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted↗2024-03-21

▶

GHSA

GHSA-ffpf-5h29-w36w: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted↗2024-03-21

▶

📋Vendor Advisories

Ubuntu

GnuTLS vulnerabilities↗2024-04-29

▶

Ubuntu

GnuTLS vulnerabilities↗2024-04-15

▶

Red Hat

gnutls: potential crash during chain building/verification↗2024-03-21

▶

Microsoft

Gnutls: potential crash during chain building/verification↗2024-03-12

▶

Debian

CVE-2024-28835: gnutls28 - A flaw has been discovered in GnuTLS where an application crash can be induced w...↗2024

▶