{"id":"CVE-2024-3049","details":"A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.","modified":"2026-03-20T12:35:48.233232Z","published":"2024-06-06T06:15:09.550Z","related":["ALSA-2024:3659","ALSA-2024:3661","SUSE-SU-2024:2040-1","SUSE-SU-2024:2041-1","SUSE-SU-2024:2042-1","SUSE-SU-2024:2062-1","SUSE-SU-2024:2063-1","SUSE-SU-2024:2251-1","openSUSE-SU-2024:14045-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3657"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3658"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3659"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4411"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-3049"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3660"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3661"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4400"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272082"},{"type":"FIX","url":"https://github.com/ClusterLabs/booth/pull/142"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clusterlabs/booth","events":[{"introduced":"0"},{"fixed":"09b00742eec94d5b8e936eeaf4887bbdefa739f3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1"}]}}],"versions":["v0.1.0","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.2.0","v1.0","v1.0rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3049.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}