CVE-2024-3049
published 2024-06-06CVE-2024-3049: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be…
medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | booth | < 1.1 | 1.1 |
| clusterlabs | booth | >= 0 < 1.0-237-gdd88847-2+deb11u2 | 1.0-237-gdd88847-2+deb11u2 |
| clusterlabs | booth | >= 0 < 1.0-283-g9d4029a-2+deb12u1 | 1.0-283-g9d4029a-2+deb12u1 |
| clusterlabs | booth | >= 0 < 1.1-2 | 1.1-2 |
| clusterlabs | booth | >= 0 < 1.1-2 | 1.1-2 |
| debian | booth | < booth 1.0-283-g9d4029a-2+deb12u1 (bookworm) | booth 1.0-283-g9d4029a-2+deb12u1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_for_arm_64 | — | — |
| redhat | enterprise_linux_for_arm_64 | — | — |
| redhat | enterprise_linux_for_arm_64 | — | — |
| redhat | enterprise_linux_for_arm_64 | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_ibm_z_systems_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM