Gnutls: rejects certificate chain with distributed trust
CVE-2024-0567

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Gnutls; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Extended Update Support; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 16 January 2024

Summary

A vulnerability exists in GnuTLS that leads to the rejection of a certificate chain with distributed trust when utilizing the cockpit-certificate-ensure functionality. This issue effectively allows unauthenticated remote clients or attackers to exploit the flaw, resulting in potential denial of service conditions. The flaw emphasizes the importance of robust certificate validation processes in enhancing the security posture of applications relying on GnuTLS.

Affected Version(s)

GnuTLS 3.8.3

Red Hat Enterprise Linux 9 0:3.7.6-23.el9_3.3

References

http://www.openwall.com/lists/oss-security/2024/01/19/3

https://access.redhat.com/errata/RHSA-2024:0533

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1082

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Jan 16, 2024

Collectors

NVD DatabaseMitre Database