PT-2024-1279 · Gnutls+7

Jean-Luc Duprat · Published 2024-01-16 · Updated 2025-01-28 · CVE-2024-0567

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified)
Description: A vulnerability was found in GnuTLS, in which Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. The flaw allows an unauthenticated, remote client or attacker to initiate a denial-of-service attack. The vulnerability is related to errors in cryptographic signature verification.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

ALSA-2024:0533
ALT-PU-2024-1258
ALT-PU-2024-4754
ALT-PU-2024-4913
ALT-PU-2024-4977
ALT-PU-2024-6430
AZL-33340
AZL-34740
BDU:2024-00705
CVE-2024-0567
MGASA-2024-0031
OESA-2024-1090
OESA-2024-1093
OESA-2024-1094
OESA-2024-1095
OPENSUSE-SU-2024:13593-1
OPENSUSE-SU-2024_0638-1
RHSA-2024:0533
RHSA-2024:1082
RHSA-2024_0533
ROSA-SA-2025-2607
SUSE-SU-2024:0638-1
SUSE-SU-2024:0638-2
SUSE-SU-2024:1179-1
USN-6593-1

Affected Products

Alt Linux
Almalinux
Gnutls
Linuxmint
Red Hat
Red Os
Suse
Ubuntu