A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00534}

epss

{'score': 0.00685}


Wed, 21 May 2025 01:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Fri, 22 Nov 2024 12:00:00 +0000


Tue, 24 Sep 2024 19:30:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T02:50:58.113Z

Reserved: 2024-03-28T17:17:50.507Z

Link: CVE-2024-3049

cve-icon Vulnrichment

Updated: 2024-09-24T18:03:12.532Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T06:15:09.550

Modified: 2024-11-21T09:28:45.870

Link: CVE-2024-3049

cve-icon Redhat

Severity : Important

Publid Date: 2024-05-27T00:00:00Z

Links: CVE-2024-3049 - Bugzilla

cve-icon OpenCVE Enrichment

No data.