Description
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Statement
The observed crash in GnuTLS during certificate chain verification, triggered by a specific certificate configuration, represents a moderate severity issue due to its potential impact on security-critical operations reliant on certificate validation. The crash may indicate an underlying flaw in GnuTLS's handling of certain certificate attributes or structures, potentially exposing systems to denial-of-service vulnerabilities or bypassing security checks if exploited maliciously. Given that certificate validation is a fundamental aspect of secure communication protocols such as TLS, the inability to reliably verify certificate chains could lead to unauthorized access, data integrity breaches, or interception of sensitive information.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | gnutls | Affected | | |
Red Hat Enterprise Linux 6 | gnutls | Out of support scope | | |
Red Hat Enterprise Linux 7 | gnutls | Out of support scope | | |
Red Hat Enterprise Linux 8 | gnutls | Not affected | | |
Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2024:1879 | 18.04.2024 |
Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2024:2570 | 30.04.2024 |
Red Hat Enterprise Linux 9.2 Extended Update Support | gnutls | Fixed | RHSA-2024:2889 | 16.05.2024 |
Additional information
Status:
CVSS3: 5 Medium