CVE-2024-3049: Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

First published: Thu Mar 28 2024(Updated: )

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/booth	<1.1	1.1
Clusterlabs Booth	<1.1
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux Eus	=8.8
Redhat Enterprise Linux Eus	=9.2
Redhat Enterprise Linux For Arm 64	=8.0_aarch64
Redhat Enterprise Linux For Arm 64	=8.8_aarch64
Redhat Enterprise Linux For Arm 64	=9.2_aarch64
Redhat Enterprise Linux For Arm 64	=9.4_aarch64
Redhat Enterprise Linux For Ibm Z Systems	=8.0_s390x
Redhat Enterprise Linux For Ibm Z Systems	=9.2_s390x
Redhat Enterprise Linux For Ibm Z Systems	=9.4_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	=8.8_s390x
Redhat Enterprise Linux For Power Little Endian Eus	=8.0_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=8.4_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=8.8_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=9.2_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=9.4_ppc64le
Redhat Enterprise Linux Server Update Services For Sap Solutions	=8.4

Never miss a vulnerability like this again

Reference Links

agent/weakness
agent/title
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
agent/softwarecombine
agent/severity
agent/references
agent/tags
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-3049
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
package-manager/redhat
vendor/clusterlabs
canonical/clusterlabs booth
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.4
version/redhat enterprise linux eus/8.8
version/redhat enterprise linux eus/9.2
canonical/redhat enterprise linux for arm 64
version/redhat enterprise linux for arm 64/8.0_aarch64
version/redhat enterprise linux for arm 64/8.8_aarch64
version/redhat enterprise linux for arm 64/9.2_aarch64
version/redhat enterprise linux for arm 64/9.4_aarch64
canonical/redhat enterprise linux for ibm z systems
version/redhat enterprise linux for ibm z systems/8.0_s390x
version/redhat enterprise linux for ibm z systems/9.2_s390x
version/redhat enterprise linux for ibm z systems/9.4_s390x
canonical/redhat enterprise linux for ibm z systems eus
version/redhat enterprise linux for ibm z systems eus/8.8_s390x
canonical/redhat enterprise linux for power little endian eus
version/redhat enterprise linux for power little endian eus/8.0_ppc64le
version/redhat enterprise linux for power little endian eus/8.4_ppc64le
version/redhat enterprise linux for power little endian eus/8.8_ppc64le
version/redhat enterprise linux for power little endian eus/9.2_ppc64le
version/redhat enterprise linux for power little endian eus/9.4_ppc64le
canonical/redhat enterprise linux server update services for sap solutions
version/redhat enterprise linux server update services for sap solutions/8.4

CVE-2024-3049: Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact