mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
225 lines
10 KiB
JSON
225 lines
10 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-28835",
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Uncaught Exception",
|
|
"cweId": "CWE-248"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Red Hat",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Red Hat Enterprise Linux 9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:3.7.6-23.el9_3.4",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:3.8.3-4.el9_4",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:3.7.6-23.el9_3.4",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:3.8.3-4.el9_4",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:3.7.6-21.el9_2.3",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Enterprise Linux 6",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unknown"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Enterprise Linux 7",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unknown"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Enterprise Linux 8",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:1879",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:1879"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:2570",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:2570"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:2889",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:2889"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/security/cve/CVE-2024-28835",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/security/cve/CVE-2024-28835"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084",
|
|
"refsource": "MISC",
|
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084"
|
|
},
|
|
{
|
|
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
|
|
"refsource": "MISC",
|
|
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html"
|
|
}
|
|
]
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |