CVE-2024-3049

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:3657 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3658 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3659 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3660 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3661 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-3049 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2272082 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/
Configurations

Configuration 1 (hide)

cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
History

16 Jun 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/ -

16 Jun 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/ -

11 Jun 2024, 17:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.4 		v2 : unknown
v3 : 5.9
First Time Redhat enterprise Linux
Clusterlabs booth
Clusterlabs
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Update Services For Sap Solutions
Redhat enterprise Linux Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat
CPE cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2024:3657 - () https://access.redhat.com/errata/RHSA-2024:3657 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:3658 - () https://access.redhat.com/errata/RHSA-2024:3658 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:3659 - () https://access.redhat.com/errata/RHSA-2024:3659 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:3660 - () https://access.redhat.com/errata/RHSA-2024:3660 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:3661 - () https://access.redhat.com/errata/RHSA-2024:3661 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-3049 - () https://access.redhat.com/security/cve/CVE-2024-3049 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2272082 - () https://bugzilla.redhat.com/show_bug.cgi?id=2272082 - Issue Tracking

06 Jun 2024, 14:17

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en Booth, un administrador de tickets de clúster. Si se pasa un hash especialmente manipulado a gcry_md_get_algo_dlen(), es posible que el servidor Booth acepte un HMAC no válido.

06 Jun 2024, 11:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3657 -
  • () https://access.redhat.com/errata/RHSA-2024:3658 -
  • () https://access.redhat.com/errata/RHSA-2024:3659 -
  • () https://access.redhat.com/errata/RHSA-2024:3660 -
  • () https://access.redhat.com/errata/RHSA-2024:3661 -

06 Jun 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-06 06:15

Updated : 2024-06-16 16:15

NVD link : CVE-2024-3049

Mitre link : CVE-2024-3049

CVE.ORG link : CVE-2024-3049

JSON object : View

Products Affected

clusterlabs

  • booth

redhat

  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_arm_64
CWE
CWE-345

Insufficient Verification of Data Authenticity