Unrated severityOSV Advisory· Published Jan 16, 2024· Updated Nov 20, 2025

Gnutls: rejects certificate chain with distributed trust

CVE-2024-0567

Description

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Affected products

Free Software Foundation Inc./GnutlsOSV
Range: 3.7.0, 3.7.1, 3.7.2, …
osv-coords18 versions
pkg:rpm/almalinux/gnutls pkg:rpm/almalinux/gnutls-c%2B%2B pkg:rpm/almalinux/gnutls-dane pkg:rpm/almalinux/gnutls-devel pkg:rpm/almalinux/gnutls-utils pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweed pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Server%204.3
< 3.7.6-23.el9_3.3+ 17 more
- (no CPE)range: < 3.7.6-23.el9_3.3
- (no CPE)range: < 3.7.6-23.el9_3.3
- (no CPE)range: < 3.7.6-23.el9_3.3
- (no CPE)range: < 3.7.6-23.el9_3.3
- (no CPE)range: < 3.7.6-23.el9_3.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.8.3-1.1
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.1.3.1
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3
- (no CPE)range: < 3.7.3-150400.4.41.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:0533mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:1082mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:1383mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:2094mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-0567mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
gitlab.com/gnutls/gnutls/-/issues/1521mitre
lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000