CVE-2024-3049 — MEDIUM (5.9)

Q: What is CVE-2024-3049?

CVE-2024-3049 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Q: How severe is CVE-2024-3049?

CVE-2024-3049 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-3049?

Check the references section above for vendor advisories and patch information. Affected products include: Clusterlabs Booth, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems.

Vulnerability Description

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Clusterlabs	Booth	< 1.1
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Eus	8.4
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Power Little Endian Eus	8.0_ppc64le
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.4

Related Weaknesses (CWE)

CWE-345

References

https://access.redhat.com/errata/RHSA-2024:3657Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3658Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3659Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3660Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3661Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4400
https://access.redhat.com/errata/RHSA-2024:4411
https://access.redhat.com/security/cve/CVE-2024-3049Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2272082Issue Tracking
https://github.com/ClusterLabs/booth/pull/142
https://access.redhat.com/errata/RHSA-2024:3657Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3658Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3659Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3660Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3661Third Party Advisory

FAQ

What is CVE-2024-3049?

CVE-2024-3049 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

How severe is CVE-2024-3049?

CVE-2024-3049 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-3049?

Check the references section above for vendor advisories and patch information. Affected products include: Clusterlabs Booth, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems.