CVE-2024-28835 Gnutls: potential crash during chain building/verification

🗓️ 21 Mar 2024 06:13:26Reported by redhatType

GnuTLS 2024-28835 potential crash during chain building/verificatio

Reporter	Title	Published	Views	Family All 144
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to denial of service, buffer overflow and allow a local authenticated attacker to gain elevated privileges	15 Apr 202502:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1	30 Sep 202416:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	15 Apr 202502:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	20 Jun 202420:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities	30 May 202411:23	–	ibm
Tenable Nessus	Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-591)	29 Apr 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : gnutls (ALSA-2024:1879)	18 Apr 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: gnutls (CVE-2024-28835)	22 Jan 202600:00	–	nessus
Tenable Nessus	Debian dla-3875 : gnutls-bin - security update	5 Sep 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)	25 Jun 202400:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "3.8.3"
      }
    ],
    "packageName": "gnutls",
    "collectionURL": "https://gitlab.com/gnutls/gnutls/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.7.6-23.el9_3.4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.8.3-4.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.7.6-23.el9_3.4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.8.3-4.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.7.6-21.el9_2.3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhel_eus:9.2::baseos",
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gnutls",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2570
access	www.access.redhat.com/security/cve/CVE-2024-28835
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:1879
access	www.access.redhat.com/errata/RHSA-2024:2889
lists	www.lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

21 Jan 2026 23:51Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15

EPSS0.00389

CWE-248