{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/vex/2024/cve-2024-45341-els_os-centos8_5els.json" } ], "tracking": { "current_release_date": "2026-04-08T20:10:44Z", "generator": { "date": "2026-04-08T20:10:44Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-45341-ELS_OS-CENTOS8.5ELS", "initial_release_date": "2024-01-01T00:00:00Z", "revision_history": [ { "date": "2024-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-08T20:10:44Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2024-45341" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.x86_64", "product_id": "pam-0:1.3.1-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/pam@1.3.1-15.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/pam-devel@1.3.1-15.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.i686", "product": { "name": "pam-0:1.3.1-15.el8.i686", "product_id": "pam-0:1.3.1-15.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/pam@1.3.1-15.el8?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.i686", "product_id": "pam-devel-0:1.3.1-15.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/pam-devel@1.3.1-15.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.i686" }, "product_reference": "pam-0:1.3.1-15.el8.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-45341", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "notes": [ { "category": "description", "text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45341" } ], "release_date": "2025-01-17T00:00:00Z", "remediations": [ { "category": "no_fix_planned", "details": "This issue only affects Go’s crypto/x509 validation when a private PKI enforces URI-based name constraints and a presented certificate’s URI uses an IPv6 zone ID; public Web PKI certificates do not contain URIs, so standard HTTPS/TLS chains are unaffected. Exploitation requires a crafted certificate chain under a trusted private CA with URI constraints, and the impact is limited to potential mis-acceptance of such certificates (no availability impact), aligning with the High attack complexity and Low C/I effects in the CVSS vector. If your PKI does not use URI SANs or URI name constraints, there is no exposure, making this a safe candidate to deprioritize.", "product_ids": [ "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }