CVE-2024-3049

CWE-3457 documents7 sources

Severity

5.9MEDIUM

EPSS

1.0%

top 22.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clusterlabs Booth Redhat Enterprise Linux Redhat Enterprise Linux EUS +5 more

Timeline

PublishedJun 6

Description

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDclusterlabs/booth< 1.1

▶Debianbooth< 1.0-237-gdd88847-2+deb11u2+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0, 8.4, 8.8, 9.2, 9.4

🔴Vulnerability Details

OSV

CVE-2024-3049: A flaw was found in Booth, a cluster ticket manager↗2024-06-06

▶

CVEList

Booth: specially crafted hash can lead to invalid hmac being accepted by booth server↗2024-06-06

▶

GHSA

GHSA-gqh6-f673-ccgc: A flaw was found in Booth, a cluster ticket manager↗2024-06-06

▶

📋Vendor Advisories

Red Hat

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server↗2024-05-27

▶

Debian

CVE-2024-3049: booth - A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash...↗2024

▶

💬Community

Bugzilla

CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input↗2020-04-07

▶