CVE-2024-12133 | THREATINT

Description

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

PUBLISHED Reserved 2024-12-04 | Published 2025-02-10 | Updated 2025-11-20 | Assigner redhat

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Inefficient Algorithmic Complexity

Product status

Default status

unaffected

Any version before 4.20.0

affected

Default status

affected

0:4.13-5.el8_10 (rpm) before *

unaffected

Default status

affected

0:4.13-5.el8_10 (rpm) before *

unaffected

Default status

affected

0:4.16.0-9.el9 (rpm) before *

unaffected

Default status

affected

0:4.16.0-9.el9 (rpm) before *

unaffected

Default status

affected

0:4.16.0-8.el9_2.1 (rpm) before *

unaffected

Default status

affected

0:4.16.0-8.el9_4.1 (rpm) before *

unaffected

Default status

affected

sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c (rpm) before *

unaffected

Default status

affected

sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 (rpm) before *

unaffected

Default status

affected

Default status

unknown

Default status

unknown

Default status

affected

Timeline

2025-02-10:	Reported to Red Hat.
2025-02-10:	Made public.

Credits

Red Hat would like to thank Bing Shi for reporting this issue.

References

www.openwall.com/lists/oss-security/2025/02/06/6

lists.debian.org/debian-lts-announce/2025/02/msg00025.html

security.netapp.com/advisory/ntap-20250523-0003/

access.redhat.com/errata/RHSA-2025:17347 (RHSA-2025:17347) vendor-advisory

access.redhat.com/errata/RHSA-2025:4049 (RHSA-2025:4049) vendor-advisory

access.redhat.com/errata/RHSA-2025:7077 (RHSA-2025:7077) vendor-advisory

access.redhat.com/errata/RHSA-2025:8021 (RHSA-2025:8021) vendor-advisory

access.redhat.com/errata/RHSA-2025:8385 (RHSA-2025:8385) vendor-advisory

access.redhat.com/security/cve/CVE-2024-12133 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2344611 (RHBZ#2344611) issue-tracking

gitlab.com/gnutls/libtasn1/-/issues/52

cve.org (CVE-2024-12133)

nvd.nist.gov (CVE-2024-12133)

Download JSON

help @ threatint.eu