{"api_version":"1","generated_at":"2026-07-04T16:15:35+00:00","cve":"CVE-2024-28835","urls":{"html":"https://cve.report/CVE-2024-28835","api":"https://cve.report/api/cve/CVE-2024-28835.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-28835","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-28835"},"summary":{"title":"Gnutls: potential crash during chain building/verification","description":"A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.","state":"PUBLISHED","assigner":"redhat","published_at":"2024-03-21 06:15:45","updated_at":"2026-07-03 03:16:23"},"problem_types":["CWE-248","CWE-248 Uncaught Exception"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1879","name":"https://access.redhat.com/errata/RHSA-2024:1879","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269084","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2269084","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:2570","name":"https://access.redhat.com/errata/RHSA-2024:2570","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/03/22/2","name":"http://www.openwall.com/lists/oss-security/2024/03/22/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2024/03/22/1","name":"http://www.openwall.com/lists/oss-security/2024/03/22/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2024-28835","name":"https://access.redhat.com/security/cve/CVE-2024-28835","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:2889","name":"https://access.redhat.com/errata/RHSA-2024:2889","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html","name":"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html","name":"https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20241122-0009/","name":"https://security.netapp.com/advisory/ntap-20241122-0009/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-28835","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28835","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.7.6-23.el9_3.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.8.3-4.el9_4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.7.6-23.el9_3.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.8.3-4.el9_4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","version":"unaffected 0:3.7.6-21.el9_2.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-03-11T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2024-03-21T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"28835","cve":"CVE-2024-28835","epss":"0.003860000","percentile":"0.305690000","score_date":"2026-07-03","updated_at":"2026-07-04 00:02:17"},"legacy_qids":[{"cve":"CVE-2024-28835","qid":"285387","title":"Fedora Security Update for gnutls (FEDORA-2024-0459dcd356)"},{"cve":"CVE-2024-28835","qid":"285421","title":"Fedora Security Update for gnutls (FEDORA-2024-af55471f75)"},{"cve":"CVE-2024-28835","qid":"510778","title":"Alpine Linux Security Update for gnutls"},{"cve":"CVE-2024-28835","qid":"756123","title":"SUSE Enterprise Linux Security Update for gnutls (SUSE-SU-2024:1271-1)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-28835","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-03-21T18:00:08.506389Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-07-05T17:21:15.160Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-04T16:11:53.931Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/03/22/1"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/03/22/2"},{"name":"RHSA-2024:1879","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:1879"},{"name":"RHSA-2024:2570","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:2570"},{"name":"RHSA-2024:2889","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2024:2889"},{"tags":["vdb-entry","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/security/cve/CVE-2024-28835"},{"name":"RHBZ#2269084","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269084"},{"tags":["x_transferred"],"url":"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html"},{"url":"https://security.netapp.com/advisory/ntap-20241122-0009/"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://gitlab.com/gnutls/gnutls/","defaultStatus":"unaffected","packageName":"gnutls","versions":[{"status":"affected","version":"3.8.3"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.7.6-23.el9_3.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.8.3-4.el9_4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.7.6-23.el9_3.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.8.3-4.el9_4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream","cpe:/o:redhat:rhel_eus:9.2::baseos"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.7.6-21.el9_2.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"gnutls","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"gnutls","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"gnutls","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"gnutls","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"datePublic":"2024-03-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-248","description":"Uncaught Exception","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-03T01:53:58.683Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2024:1879","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:1879"},{"name":"RHSA-2024:2570","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:2570"},{"name":"RHSA-2024:2889","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:2889"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2024-28835"},{"name":"RHBZ#2269084","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269084"},{"url":"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html"}],"timeline":[{"lang":"en","time":"2024-03-11T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-03-21T00:00:00.000Z","value":"Made public."}],"title":"Gnutls: potential crash during chain building/verification","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-248: Uncaught Exception"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2024-28835","datePublished":"2024-03-21T06:13:26.916Z","dateReserved":"2024-03-11T14:43:43.973Z","dateUpdated":"2026-07-03T01:53:58.683Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-03-21 06:15:45","lastModifiedDate":"2026-07-03 03:16:23","problem_types":["CWE-248","CWE-248 Uncaught Exception"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-21T18:00:08.506389Z","id":"CVE-2024-28835","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"28835","Ordinal":"1","Title":"Gnutls: potential crash during chain building/verification","CVE":"CVE-2024-28835","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"28835","Ordinal":"1","NoteData":"A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.","Type":"Description","Title":"Gnutls: potential crash during chain building/verification"}]}}}