A flaw was found in Booth, a cluster ticket manager. If a specially crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Booth | Clusterlabs | * | 1.1 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | booth-0:1.1-1.el8_10.1 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | booth-0:1.0-199.1.ac1d34c.git.el8_4.2 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | booth-0:1.0-199.1.ac1d34c.git.el8_4.2 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | booth-0:1.0-199.1.ac1d34c.git.el8_6.2 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | booth-0:1.0-199.1.ac1d34c.git.el8_6.2 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | booth-0:1.0-283.1.9d4029a.git.el8_8.1 | * |
Red Hat Enterprise Linux 9 | RedHat | booth-0:1.1-1.el9_4.1 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | booth-0:1.0-251.3.bfb2f92.git.el9_0.2 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | booth-0:1.0-283.1.9d4029a.git.el9_2.1 | * |
Booth | Ubuntu | mantic | * |