Updated: 2026-02-27 02:19:31.403196
Description:
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | gnutls | 3.7.6 | 7.5 | HIGH | Released | CLSA-2024:1729546717 | 2024-10-22 06:37:52 | |
| CentOS 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 | ||
| CentOS 7 ELS | gnutls | 3.3.29 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 | ||
| CentOS 8.4 ELS | gnutls | 3.6.14 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 | ||
| CentOS 8.5 ELS | gnutls | 3.6.16 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 | ||
| CentOS Stream 8 ELS | gnutls | 3.6.16 | 7.5 | HIGH | Not Vulnerable | 2024-05-10 10:14:45 | ||
| CloudLinux 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 | ||
| Oracle Linux 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-01 08:38:47 |