Vulnerability CVE-2024-28835: Information

Description

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-28835
Published: March 21, 2024
Modified: May 1, 2024
Error type identifier: CWE-248

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gnutls30sisyphus3.8.4-alt13.8.4-alt1ALT-PU-2024-4634-2343729Fixed
gnutls30sisyphus_e2k3.8.4-alt13.8.4-alt1ALT-PU-2024-4708-1-Fixed
gnutls30sisyphus_riscv643.8.4-alt13.8.4-alt1ALT-PU-2024-4796-1-Fixed
gnutls30sisyphus_loongarch643.8.4-alt13.8.4-alt1ALT-PU-2024-4720-1-Fixed
gnutls30p103.6.16-alt53.6.16-alt6ALT-PU-2024-4754-3343952Fixed
gnutls30p10_e2k3.6.16-alt53.6.16-alt6ALT-PU-2024-6414-1-Fixed
gnutls30p93.6.16-alt53.6.16-alt5ALT-PU-2024-4913-2343958Fixed
gnutls30c10f13.6.16-alt53.6.16-alt5ALT-PU-2024-6430-2344988Fixed
gnutls30c9f23.6.16-alt53.6.16-alt5ALT-PU-2024-4977-3344277Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2024-28835
    RHBZ#2269084
      https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
        RHSA-2024:1879
          RHSA-2024:2570
            http://www.openwall.com/lists/oss-security/2024/03/22/1
              http://www.openwall.com/lists/oss-security/2024/03/22/2
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.0
                Back to top