VDB
ALPINE-CVE-2024-28835
ALPINE-CVE-2024-28835
PUBLISHED
CVSS 5 MEDIUM
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Risk Scores
CVSS v3.1
5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.23 | gnutls | 3.3.9-r0, 3.3.9-r1, 3.4.1-r0 |
| Alpine:v3.21 | gnutls | 3.4.11-r0, 3.8.3-r0, 3.8.1-r0 |
| Alpine:v3.18 | gnutls | 3.5.9-r0, 0, 2.10.4-r0 |
| Alpine:v3.20 | gnutls | 0, 3.8.3-r0, 3.8.1-r0 |
| Alpine:v3.19 | gnutls | 3.8.3-r0, 3.2.4-r0, 0 |
| Alpine:v3.22 | gnutls | 3.8.3-r0, 2.10.4-r0, 0 |
Timeline
- Mar 21, 2024 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch