CVE-2024-3049

2024-06-0606:15:09

Debian Security Bug Tracker

security-tracker.debian.org

booth

cluster ticket manager

invalid hmac

flaw

unix

cve-2024-3049

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

35.2%

JSON

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

OSVersionArchitecturePackageVersionFilename
Debian12allbooth<= 1.0-283-g9d4029a-2booth_1.0-283-g9d4029a-2_all.deb
Debian11allbooth<= 1.0-237-gdd88847-2+deb11u1booth_1.0-237-gdd88847-2+deb11u1_all.deb
Debian10allbooth<= 1.0-162-g27f917f-2+deb10u1booth_1.0-162-g27f917f-2+deb10u1_all.deb
Debian999allbooth<= 1.1-1booth_1.1-1_all.deb
Debian13allbooth<= 1.1-1booth_1.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	booth	<= 1.0-283-g9d4029a-2	booth_1.0-283-g9d4029a-2_all.deb
Debian	11	all	booth	<= 1.0-237-gdd88847-2+deb11u1	booth_1.0-237-gdd88847-2+deb11u1_all.deb
Debian	10	all	booth	<= 1.0-162-g27f917f-2+deb10u1	booth_1.0-162-g27f917f-2+deb10u1_all.deb
Debian	999	all	booth	<= 1.1-1	booth_1.1-1_all.deb
Debian	13	all	booth	<= 1.1-1	booth_1.1-1_all.deb