CVE-2024-0567

Gnutls: rejects certificate chain with distributed trust

Published: 1/16/2024 Last updated: 11/20/2025 Reserved: 1/16/2024

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.5	High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (5)

conf-gnutls conf-mingw-w64-gnutls-i686 conf-mingw-w64-gnutls-x86_64 conf-srt conf-srt-gnutls

Products affected (93)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	<= 2.1.3
Red Hat OpenShift Container Platform 3.11	Red Hat	n/a
Red Hat OpenShift Container Platform 3.11	Red Hat	< 1f57f78fbacf630430bf954e5a84caafdfea30c0
Red Hat Enterprise Linux 9	Red Hat	WSA8832
Red Hat Enterprise Linux 8	Red Hat	<= 10.5.1
Red Hat Enterprise Linux 7	Red Hat	WSA8830
Red Hat Enterprise Linux 9	Red Hat	<= 1.4.5
Red Hat Enterprise Linux 8	Red Hat	< 3.8.6,
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	< 131
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	< 4.20.1
		n/a
Red Hat Enterprise Linux 6	Red Hat	< a90239551abc181687f8c0ba60b276f7d75c141e
Red Hat Enterprise Linux 7	Red Hat	14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 3.1.1
Red Hat Enterprise Linux 8	Red Hat	WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
Red Hat Enterprise Linux 8	Red Hat	>= 4.0.0, < 4.2.3
Red Hat Enterprise Linux 7	Red Hat	< f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	QCS405
RHODF-4.15-RHEL-9	Red Hat	Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	4.7 and 5
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	QTS110
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	See HP Security Bulletin reference for affected versions.
RHODF-4.15-RHEL-9	Red Hat	SSG2115P
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	<= 2020.004.30005
RHODF-4.15-RHEL-9	Red Hat	SSG2125P
RHODF-4.15-RHEL-9	Red Hat	<= 2017.011.30197
RHODF-4.15-RHEL-9	Red Hat	< publication
RHODF-4.15-RHEL-9	Red Hat	SXR1230P
RHODF-4.15-RHEL-9	Red Hat	<= 2021.005.20054
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	<= 1.8.9
RHODF-4.15-RHEL-9	Red Hat	SXR2230P
RHODF-4.15-RHEL-9	Red Hat	<= None
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	WCD9306
RHODF-4.15-RHEL-9	Red Hat	n/a
RHODF-4.15-RHEL-9	Red Hat	all
RHODF-4.15-RHEL-9	Red Hat	< 85.0.4183.102
RHODF-4.15-RHEL-9	Red Hat	WCD9330
RHODF-4.15-RHEL-9	Red Hat	< 1.61.2
RHODF-4.15-RHEL-9	Red Hat	< publication
RHODF-4.15-RHEL-9	Red Hat	WCD9335
RHODF-4.15-RHEL-9	Red Hat	WCD9380
RHODF-4.15-RHEL-9	Red Hat	>= 2.0.0-alpha.0, < 2.1.1
RHODF-4.15-RHEL-9	Red Hat	WCD9385
RHODF-4.15-RHEL-9	Red Hat	<= 1.0
RHODF-4.15-RHEL-9	Red Hat	WCN3980
RHODF-4.15-RHEL-9	Red Hat	< publication
RHODF-4.15-RHEL-9	Red Hat	3.x before 3.2.13
RHODF-4.15-RHEL-9	Red Hat	WCN3998
RHODF-4.15-RHEL-9	Red Hat	WCN3999
RHODF-4.15-RHEL-9	Red Hat	5.0.420
RHODF-4.15-RHEL-9	Red Hat	< 0.12.0
RHOL-5.8-RHEL-9	Red Hat	4.x before 4.0.14
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	<= 1.0.1
RHOL-5.8-RHEL-9	Red Hat	Cisco Web Security Appliance unknown
RHOL-5.8-RHEL-9	Red Hat	5.x before 5.0.4
RHOL-5.8-RHEL-9	Red Hat	WCN6855
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	WCN6856
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	< fbe466f06d4ea18745da0d57540539b7b36936ae
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	WCN7850
RHOL-5.8-RHEL-9	Red Hat	<= 5.3
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	< 3994387ba3564976731179c4d4a6d7850ddda71a
RHOL-5.8-RHEL-9	Red Hat	WCN7851
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	< publication
RHOL-5.8-RHEL-9	Red Hat	<= 1.16
RHOL-5.8-RHEL-9	Red Hat	< ca6d565a2319d69d9766e6ecbb5af827fc4afb2b
RHOL-5.8-RHEL-9	Red Hat	<= 2.0
RHOL-5.8-RHEL-9	Red Hat	WSA8810
RHOL-5.8-RHEL-9	Red Hat	Android-10 Android-11 Android-12 Android-9
RHOL-5.8-RHEL-9	Red Hat	< df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e
RHOL-5.8-RHEL-9	Red Hat	>= 6.0.0, < 8.1.8
RHOL-5.8-RHEL-9	Red Hat	n/a
RHOL-5.8-RHEL-9	Red Hat	N/A
RHOL-5.8-RHEL-9	Red Hat	WSA8815

CVE-2024-0567

Gnutls: rejects certificate chain with distributed trust

Metrics

Opam packages affected (5)

Products affected (93)

References (40)