Lucene search

K
nvd[email protected]NVD:CVE-2024-0567
HistoryJan 16, 2024 - 2:15 p.m.

CVE-2024-0567

2024-01-1614:15:48
CWE-347
web.nvd.nist.gov
7
gnutls
cockpit
certificate chain
denial of service
vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

46.5%

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Affected configurations

Nvd
Node
gnugnutlsRange3.7.03.8.3
Node
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
Node
debiandebian_linuxMatch11.0

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

46.5%