CVE-2024-3049 Booth: specially crafted hash can lead to invalid HMAC being accepted by booth server

Published: 2024-06-06 05:30:04
Weakness: CWE-345
Source: Red Hat (CVELIST:CVE-2024-3049), www.cve.org
Tags: cve-2024-3049, booth server, invalid hmac, security flaw

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 (percentile 35.7%)

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.1-1.el8_10.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::highavailability",
      "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.4::highavailability",
      "cpe:/a:redhat:rhel_e4s:8.4::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.4::highavailability",
      "cpe:/a:redhat:rhel_e4s:8.4::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
      "cpe:/a:redhat:rhel_tus:8.6::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
      "cpe:/a:redhat:rhel_tus:8.6::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-283.1.9d4029a.git.el8_8.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::highavailability",
      "cpe:/a:redhat:rhel_eus:8.8::resilientstorage"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.1-1.el9_4.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
      "cpe:/a:redhat:enterprise_linux:9::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-251.3.bfb2f92.git.el9_0.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage",
      "cpe:/a:redhat:rhel_e4s:9.0::highavailability"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.0-283.1.9d4029a.git.el9_2.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::highavailability",
      "cpe:/a:redhat:rhel_eus:9.2::resilientstorage"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "booth",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]
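The CNA Affected record above uses the CVE JSON 5 convention: `defaultStatus` is "affected" unless the installed package falls into one of the listed `versions` ranges, and a range given as `"version": X, "lessThan": "*", "versionType": "rpm"` covers X and every later RPM EVR. Deciding which side of that boundary a host is on requires RPM's own version ordering, not a string compare. The following is an added example, not Red Hat's or the CVE program's tooling: it embeds a subset of the page's CNA data, ports rpm's `rpmvercmp()` ordering to Python (an assumption about how the "rpm" version type is to be compared), and reports the status for an installed epoch:version-release.

```python
"""Decide whether an installed booth RPM falls inside the 'unaffected' range the
CNA Affected record declares. Added example, not vendor tooling. Assumptions:
RPM EVR ordering follows rpm's rpmvercmp(), and a range with "version": X,
"lessThan": "*", "versionType": "rpm" means X and every later EVR carry that
range's status (CVE JSON 5 semantics)."""
import json

# Subset of the CNA Affected data from this page (copied from the record above).
CNA_AFFECTED = json.loads("""
[
  {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8",
   "packageName": "booth", "defaultStatus": "affected",
   "versions": [{"version": "0:1.1-1.el8_10.1", "lessThan": "*",
                 "versionType": "rpm", "status": "unaffected"}]},
  {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9",
   "packageName": "booth", "defaultStatus": "affected",
   "versions": [{"version": "0:1.1-1.el9_4.1", "lessThan": "*",
                 "versionType": "rpm", "status": "unaffected"}]},
  {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7",
   "packageName": "booth", "defaultStatus": "affected"}
]
""")


def rpmvercmp(a: str, b: str) -> int:
    """Python port of rpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b."""
    if a == b:
        return 0
    i = j = 0
    na, nb = len(a), len(b)
    while i < na or j < nb:
        # separators (anything but alnum, '~', '^') are skipped
        while i < na and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < nb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < na and a[i] == "~", j < nb and b[j] == "~"
        if ta or tb:                      # tilde sorts before everything
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        ca, cb = i < na and a[i] == "^", j < nb and b[j] == "^"
        if ca or cb:                      # caret: before everything but end of string
            if ca and cb:
                i, j = i + 1, j + 1
                continue
            if ca:
                return 1 if j >= nb else -1
            return -1 if i >= na else 1
        if i >= na or j >= nb:
            break
        isnum = a[i].isdigit()            # segment type is decided by the left operand
        pred = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < na and pred(a[i]):
            i += 1
        while j < nb and pred(b[j]):
            j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:                        # numeric segment beats alphabetic segment
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= na and j >= nb:
        return 0
    return 1 if i < na else -1            # leftover characters win


def parse_evr(evr: str):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVRs: epoch numerically, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def status_for(entry: dict, installed_evr: str) -> str:
    """Apply the CNA entry's ranges; fall back to defaultStatus when none matches."""
    for rng in entry.get("versions", []):
        if rng.get("versionType") != "rpm" or rng.get("lessThan") != "*":
            continue                      # only the range form used on this page
        if evrcmp(installed_evr, rng["version"]) >= 0:
            return rng["status"]
    return entry.get("defaultStatus", "unknown")


def check_installed(product: str, installed_evr: str) -> str:
    """Return the record's status for a booth EVR on the named product."""
    for entry in CNA_AFFECTED:
        if entry["product"] == product and entry["packageName"] == "booth":
            return status_for(entry, installed_evr)
    return "unknown product"


if __name__ == "__main__":
    # constructed sample EVRs in the form `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' booth` prints
    for product, evr in [("Red Hat Enterprise Linux 8", "0:1.1-1.el8"),
                         ("Red Hat Enterprise Linux 8", "0:1.1-1.el8_10.1"),
                         ("Red Hat Enterprise Linux 7", "0:1.0-1.el7")]:
        print(f"{product}: booth {evr} -> {check_installed(product, evr)}")
```

On a real host, `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' booth` prints `(none)` for an unset epoch; substitute `0` before comparing. Match the entry for the stream the host actually runs (the EUS, TUS and SAP entries on this page carry different fixed releases than the main RHEL 8 and 9 entries), and treat the vendor's advisory and `dnf updateinfo` as authoritative over this script.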
