A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01194.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Debian Subscribe
Debian Linux Subscribe
Fedoraproject Subscribe
Fedora Subscribe
Gnu Subscribe
Gnutls Subscribe
Netapp Subscribe
Active Iq Unified Manager Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Logging Subscribe
Openshift Subscribe
Openshift Data Foundation Subscribe
Rhel Eus Subscribe

Configuration 1 [-]

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 9
gnutls-0:3.7.6-23.el9_3.3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:0533 2024-01-29T00:00:00Z
gnutls-0:3.7.6-23.el9_3.3 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:0533 2024-01-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
gnutls-0:3.7.6-21.el9_2.2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:1082 2024-03-05T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-core-rhel9:v4.15.0-68 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-rhel9-operator:v4.15.0-39 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-console-rhel9:v4.15.0-58 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-rhel9-operator:v4.15.0-13 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-metrics-exporter-rhel9:v4.15.0-81 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-rhel9-operator:v4.15.0-79 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cli-rhel9:v4.15.0-22 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-console-rhel9:v4.15.0-57 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cosi-sidecar-rhel9:v4.15.0-6 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-rhel9-operator:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.0-54 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-rhel9-operator:v4.15.0-10 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-must-gather-rhel9:v4.15.0-26 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-rhel9-operator:v4.15.0-19 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-cluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-hub-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-rhel9-operator:v4.15.0-21 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/rook-ceph-rhel9-operator:v4.15.0-103 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
RHOL-5.8-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.8.6-22 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel9:v6.8.1-407 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.8.6-19 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-247 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel9:v5.8.6-5 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel9:v5.8.1-470 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel9:v2.9.6-14 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.8.6-2 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.8.6-24 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.8.6-10 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-525 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-224 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/vector-rhel9:v0.28.1-56 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-16360 A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Ubuntu USN Ubuntu USN USN-6593-1 GnuTLS vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References
Link Providers
http://www.openwall.com/lists/oss-security/2024/01/19/3 cve-icon
https://access.redhat.com/errata/RHSA-2024:0533 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1082 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1383 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2094 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-0567 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2258544 cve-icon cve-icon
https://gitlab.com/gnutls/gnutls/-/issues/1521 cve-icon cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ cve-icon
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-0567 cve-icon
https://security.netapp.com/advisory/ntap-20240202-0011/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-0567 cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01006}

 epss

{'score': 0.01034}

Mon, 02 Jun 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 16 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-20T18:09:19.787Z

Reserved: 2024-01-16T04:02:22.392Z

Link: CVE-2024-0567

cve-icon Vulnrichment

Updated: 2024-08-01T18:11:35.636Z

cve-icon NVD

Status : Modified

Published: 2024-01-16T14:15:48.527

Modified: 2024-11-21T08:46:53.563

Link: CVE-2024-0567

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2024-0567 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses