CVE-2024-28835
MEDIUMCVSS v3.1: 5.0 · EPSS: 0.0039 (30.6 percentile)
Source data as of:
At a glance
- Severity
- MEDIUM
- CVSS
- 5.0 v3.1 · NVD
- EPSS
- 0.0039 (30.6 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- · Source: NVD Vector
- Published
- 2024-03-21 · Modified: 2026-07-03
- References
- Jump to references (8)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Distro https://access.redhat.com/errata/RHSA-2024:1879
- Distro https://access.redhat.com/errata/RHSA-2024:2570
- Distro https://access.redhat.com/errata/RHSA-2024:2889
- Distro https://access.redhat.com/security/cve/CVE-2024-28835
- Distro https://bugzilla.redhat.com/show_bug.cgi?id=2269084
- Reference https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
- Reference http://www.openwall.com/lists/oss-security/2024/03/22/1
- Reference http://www.openwall.com/lists/oss-security/2024/03/22/2