CVE-2024-0567
EUVD-2024-1636016.01.2024, 14:15
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.7.0 ≤ 𝑥 < 3.8.3 |
| netapp | active_iq_unified_manager | - |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnutls |
| ||||||||||||||||||||
| libgnutls-devel |
| ||||||||||||||||||||
| libgnutls30 |
| ||||||||||||||||||||
| libgnutls30-32bit |
| ||||||||||||||||||||
| libgnutls30-hmac |
| ||||||||||||||||||||
| libgnutls30-hmac-32bit |
| ||||||||||||||||||||
| libgnutlsxx-devel |
| ||||||||||||||||||||
| libgnutlsxx28 |
| ||||||||||||||||||||
| libgnutlsxx30 |
|
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| gnutls |
| ||
| gnutls-c++ |
| ||
| gnutls-c++-debuginfo |
| ||
| gnutls-dane |
| ||
| gnutls-dane-debuginfo |
| ||
| gnutls-debuginfo |
| ||
| gnutls-debugsource |
| ||
| gnutls-devel |
| ||
| gnutls-utils |
| ||
| gnutls-utils-debuginfo |
|
Azure Linux Releases
Common Weakness Enumeration
References