CVE-2024-3049

Опубликовано: 06 июн. 2024

Источник: debian

EPSS Низкий

Описание

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
booth	fixed	1.1-2		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=2272082
https://github.com/ClusterLabs/booth/pull/142
https://github.com/ClusterLabs/booth/commit/98b4284d1701f2efec278b51f151314148bfe70e (v1.2)
https://github.com/ClusterLabs/booth/commit/43eaf0e82b1475a6a5322881cbd8260b6c3f5ef8 (v1.2)

EPSS

Процентиль: 77%

0.01032

Низкий

Связанные уязвимости

CVE-2024-3049

CVSS3: 5.9

ubuntu

больше 1 года назад

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVE-2024-3049

CVSS3: 5.9

redhat

больше 1 года назад

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVE-2024-3049

CVSS3: 5.9

nvd

больше 1 года назад

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

SUSE-SU-2024:2251-1

suse-cvrf

больше 1 года назад

Security update for booth

SUSE-SU-2024:2063-1

suse-cvrf

больше 1 года назад

Security update for booth

EPSS

Процентиль: 77%

0.01032

Низкий