CVE-2024-0567

Summary

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Affected Software

VendorProductVersion RangeStatus
3.8.0 < 3.8.3affected
Red HatRed Hat Enterprise Linux 90:3.7.6-23.el9_3.3 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.7.6-23.el9_3.3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:3.7.6-21.el9_2.2 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-37 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-68 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-39 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-58 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-13 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-81 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-79 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-22 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-57 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-6 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-15 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-15 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-54 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-10 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-26 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-19 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-158 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-21 < *unaffected
Red HatRHODF-4.15-RHEL-9v4.15.0-103 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-22 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-11 < *unaffected
Red HatRHOL-5.8-RHEL-9v6.8.1-407 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-19 < *unaffected
Red HatRHOL-5.8-RHEL-9v1.0.0-479 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-7 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.4.0-247 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-5 < *unaffected
Red HatRHOL-5.8-RHEL-9v1.1.0-227 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.1-470 < *unaffected
Red HatRHOL-5.8-RHEL-9v2.9.6-14 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-2 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-24 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.6-10 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.1.0-525 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.1.0-224 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.28.1-56 < *unaffected

Weaknesses

  • CWE-347: Improper Verification of Cryptographic Signature

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References