CVE-2024-28835

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-28835
CWE	https://cwe.mitre.org/data/definitions/248.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-28835

CWE

https://cwe.mitre.org/data/definitions/248.html

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the certtool –verify-chain command.

Weakness

An exception is thrown from a function, but it is not caught.

References

http://www.openwall.com/lists/oss-security/2024/03/22/1
http://www.openwall.com/lists/oss-security/2024/03/22/2
https://access.redhat.com/errata/RHSA-2024:1879
https://access.redhat.com/errata/RHSA-2024:2570
https://access.redhat.com/errata/RHSA-2024:2889
https://access.redhat.com/security/cve/CVE-2024-28835
https://bugzilla.redhat.com/show_bug.cgi?id=2269084
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

Uncaught Exception

Weakness

References