CVE-2024-23254

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23254
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23254.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23254
Downstream
Related
Published
2024-03-08T02:15:48.663Z
Modified
2026-02-23T08:37:37.829324Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

References

Affected packages

Git / gitlab.com/gnutls/gnutls

Affected ranges

Type
GIT
Repo
https://gitlab.com/gnutls/gnutls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0445a3554997687e10655fd10b94d5ea16adbd5a

Affected versions

Other
gnutls-0-0-7
gnutls-0-1-0-srp
gnutls-0_1_2
gnutls0-0-4
gnutls0-0-5
gnutls0-0-6
gnutls_0_1_4
gnutls_0_1_9
gnutls_0_2_0
gnutls_0_2_1
gnutls_0_2_10
gnutls_0_2_11
gnutls_0_2_2
gnutls_0_2_3
gnutls_0_2_4
gnutls_0_2_9
gnutls_0_2_90
gnutls_0_2_91
gnutls_0_3_0
gnutls_0_3_1
gnutls_0_3_2
gnutls_0_3_90
gnutls_0_3_91
gnutls_0_3_92
gnutls_0_4_0
gnutls_0_4_1
gnutls_0_4_2
gnutls_0_4_3
gnutls_0_4_with_libtasn1
gnutls_0_5_0
gnutls_0_5_1
gnutls_0_5_10
gnutls_0_5_11
gnutls_0_5_4
gnutls_0_5_5
gnutls_0_5_6
gnutls_0_5_7
gnutls_0_5_8
gnutls_0_5_9
gnutls_0_5_x_before_export_ciphersuites
gnutls_0_5_x_before_int_fixes
gnutls_0_5_x_before_types_change
gnutls_0_5_x_with_export_ciphersuites
gnutls_0_6_0
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
gnutls_0_9_8
gnutls_0_9_90
gnutls_0_9_91
gnutls_0_9_92
gnutls_0_9_93
gnutls_0_9_94
gnutls_0_9_95
gnutls_0_9_96
gnutls_0_9_97
gnutls_0_9_98
gnutls_0_9_99
gnutls_1_0_0

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2024-23254-1b50d857",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "105975880068795106673901520623991396494",
                "329460006380092277638964253190975818882",
                "323724945702724364899686126560604182933",
                "205366537988805470086567561867656555285",
                "130783181385742842763305947795409208226",
                "77482395728335056809379298057343467597",
                "155335491486192692128310176540290432081",
                "228890379419009385430745726414903177714",
                "324936089771267943942457536208661652707",
                "232693111790310291878361490110913377272",
                "293856838710011027090247338933958928335",
                "124067128226887134711954573804260571073",
                "47202109307086479451014023915335213336",
                "156373980763660831634044810443251481623",
                "3882237183255815407735498729385664973",
                "253595678565740091698286681252586002511",
                "298079128624408682283042958574907542526",
                "327040464404973188545640646515085267208",
                "318830617598113112453194395253051992412",
                "162531169054814339321971644579893676418",
                "240565719007667167051297194699522314585",
                "60572793442798112654887861732705357563",
                "198528799279629441076708402821736114733",
                "322686177916610123115767876592179302153",
                "115794488385043325225839634680768455088",
                "129811412428715399206197148538214170555",
                "8893991371685434841642585344454118218"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/gnutls_int.h"
        }
    },
    {
        "id": "CVE-2024-23254-1b708112",
        "signature_version": "v1",
        "digest": {
            "function_hash": "321037026315573647168695336804914590123",
            "length": 1471.0
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Function",
        "target": {
            "file": "lib/auth_cert.c",
            "function": "call_get_cert_callback"
        }
    },
    {
        "id": "CVE-2024-23254-3574bca8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "54552549214768517456935708729207742277",
                "34365167788465364093501674364729531903",
                "108587352047802831219736672830539190863",
                "104879172340379302228800337150802696473",
                "142400002526371148783402367475176343328",
                "211379023935178594720202846693410726276",
                "324543482129122912308899452578425417186",
                "188317224607602073951508151008994678555",
                "293065695822416866215476931595282403320",
                "274162123970913583774009208363479060523",
                "229784142347088720040638561729985423409",
                "133771684325531692276315671494660884682"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/gnutls_cert.c"
        }
    },
    {
        "id": "CVE-2024-23254-360b6f54",
        "signature_version": "v1",
        "digest": {
            "function_hash": "87590996891036782421411077808974903052",
            "length": 1538.0
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Function",
        "target": {
            "file": "lib/auth_cert.c",
            "function": "_select_client_cert"
        }
    },
    {
        "id": "CVE-2024-23254-556bf6f3",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "47202109307086479451014023915335213336",
                "202534589295741935745068729665306283701",
                "193352611875656828459692595734166625702",
                "65629043424115177447275884077227997077",
                "107905404020000885473121983440984749943",
                "98286360534319386491292618479907446575",
                "274268635192634994577392240066345931607",
                "243910190987648180449114299863128332404",
                "30417430161431983096375472516032573315",
                "4908966058200640206255852576417135963",
                "87920910240962093192710607009972708806",
                "99662545418928480242909902899837824016",
                "317774412060103169482914072218186466304",
                "265518201618813839576134651970333410705",
                "72119602866968754170538132542024167671",
                "280834966815660598549942162909944317123",
                "212023297004877609865563242169098884278",
                "67337215791174376616866308992353341426",
                "18536444272189868258439406658531764658"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/gnutls_ui.h"
        }
    },
    {
        "id": "CVE-2024-23254-8038d064",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "46580505487202106837612321761614141213",
                "99930045493351905507579738944491706705",
                "326872670151333985847815443649735010259",
                "49858675195817191284005419402010790562"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/x509/compat.c"
        }
    },
    {
        "id": "CVE-2024-23254-94549f0f",
        "signature_version": "v1",
        "digest": {
            "function_hash": "190681636114739481286234451452240647164",
            "length": 106.0
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Function",
        "target": {
            "file": "lib/gnutls_cert.c",
            "function": "gnutls_certificate_server_set_retrieve_function"
        }
    },
    {
        "id": "CVE-2024-23254-a52eb6d7",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "104125065243344332390773164234290952927",
                "308178996297243923388732986348490582619",
                "161816769422811684818875536028996561",
                "318329235677463042459530011594062983533",
                "285843259270840491342067752576994839942",
                "286711421352844049514824675466643897807",
                "36848510799640681818486429188526210599",
                "78943506437648060029908609657667774538",
                "40799864587921925275054511140445911136",
                "71429180155485930661190942747801755053",
                "138260269021543940418685473745909528628",
                "263597877660295596764635563696950647562",
                "201474551502028522790292112647604577173",
                "287131723347049378641538266115870562657",
                "311179039168378744642630344651407627542",
                "116722397671337698797162128229937102886",
                "172433445362177165860826062200774543941",
                "231843888228295458749282210718308992110",
                "176043676352974387339228373381907409397",
                "15977308875178804356859206029110682030",
                "57849142194005366428315196503613916315",
                "110432996329245098161221007137702914286",
                "49074179724193249215790612852370227406",
                "169466834881752461894126260576407967804",
                "153499635136426502292810613980239016309",
                "100693338019300354442893205284319665363",
                "67201282713381471317850411666667180377",
                "231056987511305916949685445452429063746",
                "272550147767487551962133408124430332382",
                "262530847997124563344995282775690994574",
                "239146116279639068357653984128308932510",
                "131001756351325203170403307626737298592",
                "272289817547826168729913730037468621153",
                "180345496445559494416015738358921425200",
                "10298729253684288516941320772534812213"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/auth_cert.c"
        }
    },
    {
        "id": "CVE-2024-23254-be918742",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "31056662406727262451726347272752418448",
                "132270606826518626232231694371802125319"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "libextra/gnutls_openssl.c"
        }
    },
    {
        "id": "CVE-2024-23254-c194e3a3",
        "signature_version": "v1",
        "digest": {
            "function_hash": "225513177565297374790159969401876061970",
            "length": 106.0
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Function",
        "target": {
            "file": "lib/gnutls_cert.c",
            "function": "gnutls_certificate_client_set_retrieve_function"
        }
    },
    {
        "id": "CVE-2024-23254-d1d1179d",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "322537590678152715513431897165094057448",
                "44849467626014915447096112424597866672",
                "331342751308618551650948842396850900793",
                "155396241884977442517801164402930404482",
                "137554664690540344023202261656315851204",
                "280770539112432887485089347906534719917",
                "333169955893716464913358570289908832493",
                "140675434717559395525385440442467530524"
            ]
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Line",
        "target": {
            "file": "lib/auth_cert.h"
        }
    },
    {
        "id": "CVE-2024-23254-eeb69468",
        "signature_version": "v1",
        "digest": {
            "function_hash": "172763759866497556533770308187653157486",
            "length": 1709.0
        },
        "deprecated": false,
        "source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
        "signature_type": "Function",
        "target": {
            "file": "lib/auth_cert.c",
            "function": "_gnutls_server_select_cert"
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23254.json"