CVE-2024-23284
- Source
- https://cve.org/CVERecord?id=CVE-2024-23284
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23284.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-23284
- Downstream
- Related
- Published
- 2024-03-08T02:15:49.883Z
- Modified
- 2026-02-13T16:28:27.533984Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
- References
-
- https://support.apple.com/kb/HT214081
- https://support.apple.com/kb/HT214082
- https://support.apple.com/kb/HT214084
- https://support.apple.com/kb/HT214087
- https://support.apple.com/kb/HT214089
- https://support.apple.com/en-us/HT214081
- https://support.apple.com/en-us/HT214082
- https://support.apple.com/en-us/HT214084
- https://support.apple.com/en-us/HT214086
- https://support.apple.com/en-us/HT214087
- https://support.apple.com/en-us/HT214088
- https://support.apple.com/en-us/HT214089
- http://seclists.org/fulldisclosure/2024/Mar/20
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/25
- http://seclists.org/fulldisclosure/2024/Mar/26
- http://www.openwall.com/lists/oss-security/2024/03/26/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/
Affected packages
Git / gitlab.com/gnutls/gnutls
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/gnutls/gnutls
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
gnutls-0-0-7
gnutls-0-1-0-srp
gnutls-0_1_2
gnutls0-0-4
gnutls0-0-5
gnutls0-0-6
gnutls_0_1_4
gnutls_0_1_9
gnutls_0_2_0
gnutls_0_2_1
gnutls_0_2_10
gnutls_0_2_11
gnutls_0_2_2
gnutls_0_2_3
gnutls_0_2_4
gnutls_0_2_9
gnutls_0_2_90
gnutls_0_2_91
gnutls_0_3_0
gnutls_0_3_1
gnutls_0_3_2
gnutls_0_3_90
gnutls_0_3_91
gnutls_0_3_92
gnutls_0_4_0
gnutls_0_4_1
gnutls_0_4_2
gnutls_0_4_3
gnutls_0_4_with_libtasn1
gnutls_0_5_0
gnutls_0_5_1
gnutls_0_5_10
gnutls_0_5_11
gnutls_0_5_4
gnutls_0_5_5
gnutls_0_5_6
gnutls_0_5_7
gnutls_0_5_8
gnutls_0_5_9
gnutls_0_5_x_before_export_ciphersuites
gnutls_0_5_x_before_int_fixes
gnutls_0_5_x_before_types_change
gnutls_0_5_x_with_export_ciphersuites
gnutls_0_6_0
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
gnutls_0_9_8
gnutls_0_9_90
gnutls_0_9_91
gnutls_0_9_92
gnutls_0_9_93
gnutls_0_9_94
gnutls_0_9_95
gnutls_0_9_96
gnutls_0_9_97
gnutls_0_9_98
gnutls_0_9_99
gnutls_1_0_0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23284.json"
vanir_signatures
[
{
"id": "CVE-2024-23284-1b50d857",
"target": {
"file": "lib/gnutls_int.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"105975880068795106673901520623991396494",
"329460006380092277638964253190975818882",
"323724945702724364899686126560604182933",
"205366537988805470086567561867656555285",
"130783181385742842763305947795409208226",
"77482395728335056809379298057343467597",
"155335491486192692128310176540290432081",
"228890379419009385430745726414903177714",
"324936089771267943942457536208661652707",
"232693111790310291878361490110913377272",
"293856838710011027090247338933958928335",
"124067128226887134711954573804260571073",
"47202109307086479451014023915335213336",
"156373980763660831634044810443251481623",
"3882237183255815407735498729385664973",
"253595678565740091698286681252586002511",
"298079128624408682283042958574907542526",
"327040464404973188545640646515085267208",
"318830617598113112453194395253051992412",
"162531169054814339321971644579893676418",
"240565719007667167051297194699522314585",
"60572793442798112654887861732705357563",
"198528799279629441076708402821736114733",
"322686177916610123115767876592179302153",
"115794488385043325225839634680768455088",
"129811412428715399206197148538214170555",
"8893991371685434841642585344454118218"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-1b708112",
"target": {
"function": "call_get_cert_callback",
"file": "lib/auth_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"function_hash": "321037026315573647168695336804914590123",
"length": 1471.0
},
"signature_type": "Function"
},
{
"id": "CVE-2024-23284-3574bca8",
"target": {
"file": "lib/gnutls_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"54552549214768517456935708729207742277",
"34365167788465364093501674364729531903",
"108587352047802831219736672830539190863",
"104879172340379302228800337150802696473",
"142400002526371148783402367475176343328",
"211379023935178594720202846693410726276",
"324543482129122912308899452578425417186",
"188317224607602073951508151008994678555",
"293065695822416866215476931595282403320",
"274162123970913583774009208363479060523",
"229784142347088720040638561729985423409",
"133771684325531692276315671494660884682"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-360b6f54",
"target": {
"function": "_select_client_cert",
"file": "lib/auth_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"function_hash": "87590996891036782421411077808974903052",
"length": 1538.0
},
"signature_type": "Function"
},
{
"id": "CVE-2024-23284-556bf6f3",
"target": {
"file": "lib/gnutls_ui.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47202109307086479451014023915335213336",
"202534589295741935745068729665306283701",
"193352611875656828459692595734166625702",
"65629043424115177447275884077227997077",
"107905404020000885473121983440984749943",
"98286360534319386491292618479907446575",
"274268635192634994577392240066345931607",
"243910190987648180449114299863128332404",
"30417430161431983096375472516032573315",
"4908966058200640206255852576417135963",
"87920910240962093192710607009972708806",
"99662545418928480242909902899837824016",
"317774412060103169482914072218186466304",
"265518201618813839576134651970333410705",
"72119602866968754170538132542024167671",
"280834966815660598549942162909944317123",
"212023297004877609865563242169098884278",
"67337215791174376616866308992353341426",
"18536444272189868258439406658531764658"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-8038d064",
"target": {
"file": "lib/x509/compat.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"46580505487202106837612321761614141213",
"99930045493351905507579738944491706705",
"326872670151333985847815443649735010259",
"49858675195817191284005419402010790562"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-94549f0f",
"target": {
"function": "gnutls_certificate_server_set_retrieve_function",
"file": "lib/gnutls_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"function_hash": "190681636114739481286234451452240647164",
"length": 106.0
},
"signature_type": "Function"
},
{
"id": "CVE-2024-23284-a52eb6d7",
"target": {
"file": "lib/auth_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104125065243344332390773164234290952927",
"308178996297243923388732986348490582619",
"161816769422811684818875536028996561",
"318329235677463042459530011594062983533",
"285843259270840491342067752576994839942",
"286711421352844049514824675466643897807",
"36848510799640681818486429188526210599",
"78943506437648060029908609657667774538",
"40799864587921925275054511140445911136",
"71429180155485930661190942747801755053",
"138260269021543940418685473745909528628",
"263597877660295596764635563696950647562",
"201474551502028522790292112647604577173",
"287131723347049378641538266115870562657",
"311179039168378744642630344651407627542",
"116722397671337698797162128229937102886",
"172433445362177165860826062200774543941",
"231843888228295458749282210718308992110",
"176043676352974387339228373381907409397",
"15977308875178804356859206029110682030",
"57849142194005366428315196503613916315",
"110432996329245098161221007137702914286",
"49074179724193249215790612852370227406",
"169466834881752461894126260576407967804",
"153499635136426502292810613980239016309",
"100693338019300354442893205284319665363",
"67201282713381471317850411666667180377",
"231056987511305916949685445452429063746",
"272550147767487551962133408124430332382",
"262530847997124563344995282775690994574",
"239146116279639068357653984128308932510",
"131001756351325203170403307626737298592",
"272289817547826168729913730037468621153",
"180345496445559494416015738358921425200",
"10298729253684288516941320772534812213"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-be918742",
"target": {
"file": "libextra/gnutls_openssl.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"31056662406727262451726347272752418448",
"132270606826518626232231694371802125319"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-c194e3a3",
"target": {
"function": "gnutls_certificate_client_set_retrieve_function",
"file": "lib/gnutls_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"function_hash": "225513177565297374790159969401876061970",
"length": 106.0
},
"signature_type": "Function"
},
{
"id": "CVE-2024-23284-d1d1179d",
"target": {
"file": "lib/auth_cert.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322537590678152715513431897165094057448",
"44849467626014915447096112424597866672",
"331342751308618551650948842396850900793",
"155396241884977442517801164402930404482",
"137554664690540344023202261656315851204",
"280770539112432887485089347906534719917",
"333169955893716464913358570289908832493",
"140675434717559395525385440442467530524"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2024-23284-eeb69468",
"target": {
"function": "_gnutls_server_select_cert",
"file": "lib/auth_cert.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@0445a3554997687e10655fd10b94d5ea16adbd5a",
"digest": {
"function_hash": "172763759866497556533770308187653157486",
"length": 1709.0
},
"signature_type": "Function"
}
]