Unrated severity · OSV Advisory · Published Jun 6, 2024 · Updated Mar 17, 2026
Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
CVE-2024-3049
Description
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Affected products (16)
v0.1.0, v0.1.2, v0.1.3, … + 1 more
- (no CPE) range: v0.1.0, v0.1.2, v0.1.3, …
- (no CPE)
- osv-coords, 14 versions:
  - pkg:rpm/almalinux/booth
  - pkg:rpm/almalinux/booth-arbitrator
  - pkg:rpm/almalinux/booth-core
  - pkg:rpm/almalinux/booth-site
  - pkg:rpm/almalinux/booth-test
  - pkg:rpm/opensuse/booth&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/booth&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/booth&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
  - pkg:rpm/suse/booth&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20GEO%20Extension%2012%20SP5

< 1.1-1.el8_10.1 + 13 more
- (no CPE) range: < 1.1-1.el8_10.1
- (no CPE) range: < 1.1-1.el8_10.1
- (no CPE) range: < 1.1-1.el8_10.1
- (no CPE) range: < 1.1-1.el8_10.1
- (no CPE) range: < 1.1-1.el8_10.1
- (no CPE) range: < 1.0+20220815.f40c2d5-150500.3.3.1
- (no CPE) range: < 1.1+git0.09b0074-150600.3.3.1
- (no CPE) range: < 1.2+git0.322fea0-1.1
- (no CPE) range: < 1.0-150100.11.6.1
- (no CPE) range: < 1.0-150300.18.6.1
- (no CPE) range: < 1.0+20210519.bfb2f92-150400.3.6.1
- (no CPE) range: < 1.0+20220815.f40c2d5-150500.3.3.1
- (no CPE) range: < 1.1+git0.09b0074-150600.3.3.1
- (no CPE) range: < 1.0-42.6.1
References (10)
- access.redhat.com/errata/RHSA-2024:3657 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:3658 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:3659 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:3660 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:3661 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:4400 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:4411 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-3049 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- github.com/ClusterLabs/booth/pull/142 (mitre)