CVE-2024-0567

Public Exploit

Gnutls: rejects certificate chain with distributed trust

Description

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:0533	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1082	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1383	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2094	vendor advisory
https://access.redhat.com/security/cve/CVE-2024-0567	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2258544	third party advisory issue tracking exploit
https://gitlab.com/gnutls/gnutls/-/issues/1521	patch exploit vendor advisory issue tracking
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html	mailing list
http://www.openwall.com/lists/oss-security/2024/01/19/3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://security.netapp.com/advisory/ntap-20240202-0011/

Frequently Asked Questions

What is the severity of CVE-2024-0567?: CVE-2024-0567 has been scored as a high severity vulnerability.
How to fix CVE-2024-0567?: As a workaround for remediating CVE-2024-0567: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2024-0567 being actively exploited in the wild?: It is possible that CVE-2024-0567 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0567?: CVE-2024-0567 affects Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHODF-4.15-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat OpenShift Container Platform 3.11.

Description

Remediation

Category

CWE-347 – Improper Verification of Cryptographic Signature

References

Frequently Asked Questions