A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Debian
  • Debian Linux
Gnu
  • Gnutls
Netapp
  • Active Iq Unified Manager
Fedoraproject
  • Fedora

Configuration 1 [-]

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2024/01/19/3 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0533 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1082 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1383
https://access.redhat.com/security/cve/CVE-2024-0567 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258544 Exploit Issue Tracking Third Party Advisory
https://gitlab.com/gnutls/gnutls/-/issues/1521 Exploit Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ Mailing List Third Party Advisory
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html Mailing List
https://security.netapp.com/advisory/ntap-20240202-0011/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-16T14:01:59.178Z

Updated: 2024-07-08T17:29:27.412Z

Reserved: 2024-01-16T04:02:22.392Z

Link: CVE-2024-0567

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2024-01-16T14:15:48.527

Modified: 2024-06-27T12:15:17.343

Link: CVE-2024-0567

JSON object: View

cve-icon Redhat Information

No data.

CWE