Description
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
References (13)
Scores
CVSS v3
5.9
EPSS
0.0103
EPSS Percentile
77.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-345
Status
published
Products (33)
clusterlabs/booth
< 1.1
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:1.1-1.el8_10.1
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.0-199.1.ac1d34c.git.el8_4.2
Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service
0:1.0-199.1.ac1d34c.git.el8_4.2
Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
0:1.0-199.1.ac1d34c.git.el8_4.2
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:1.0-199.1.ac1d34c.git.el8_6.2
Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
0:1.0-199.1.ac1d34c.git.el8_6.2
Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Support
0:1.0-283.1.9d4029a.git.el8_8.1
... and 23 more
Published
Jun 06, 2024
Tracked Since
Feb 18, 2026