CVE-2024-3049

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Booth (affected versions not specified)

Description: A flaw was found in Booth, a cluster ticket manager, related to insufficient authentication of data. The issue is associated with the gcry md get algo dlen() function. If a specially-crafted hash is passed to this function, it may allow an invalid HMAC to be accepted by the Booth server. This could potentially be exploited by a remote attacker.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

ALSA-2024:3659

ALSA-2024:3661

AZL-42530

AZL-42540

BDU:2024-05602

CESA-2024_3659

CVE-2024-3049

DLA-3894-1

DSA-5777-1

INFSA-2024_3659

INFSA-2024_3661

OESA-2024-2048

OESA-2024-2049

OESA-2024-2050

OPENSUSE-SU-2024:14045-1

OPENSUSE-SU-2024_2040-1

OPENSUSE-SU-2024_2042-1

OPENSUSE-SU-2024_2062-1

OPENSUSE-SU-2024_2063-1

RHSA-2024:3657

RHSA-2024:3658

RHSA-2024:3659

RHSA-2024:3660

RHSA-2024:3661

RHSA-2024:4400

RHSA-2024:4411

RHSA-2024_3659

RHSA-2024_3661

RLSA-2024:3659

RLSA-2024:3661

SUSE-SU-2024:2040-1

SUSE-SU-2024:2041-1

SUSE-SU-2024:2042-1

SUSE-SU-2024:2062-1

SUSE-SU-2024:2063-1

SUSE-SU-2024:2251-1

SUSE-SU-2024_2040-1

SUSE-SU-2024_2041-1

SUSE-SU-2024_2042-1

SUSE-SU-2024_2062-1

SUSE-SU-2024_2063-1

Affected Products

Almalinux

Booth

Centos

Red Hat

Rocky Linux

Suse

CVE-2024-3049

Weakness Enumeration

Related Identifiers

Affected Products

References · 67