CVE-2024-12243 | THREATINT

Description

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

PUBLISHED Reserved 2024-12-05 | Published 2025-02-10 | Updated 2025-10-06 | Assigner redhat

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Inefficient Algorithmic Complexity

Product status

Default status

unknown

Any version

affected

3.7.0 (semver)

affected

3.8.0 (semver) before 3.8.8

affected

3.8.9 (semver) before *

unaffected

Default status

affected

0:3.6.16-8.el8_10.3 (rpm) before *

unaffected

Default status

affected

0:3.6.16-8.el8_10.3 (rpm) before *

unaffected

Default status

affected

0:3.8.3-6.el9 (rpm) before *

unaffected

Default status

affected

0:3.8.3-6.el9 (rpm) before *

unaffected

Default status

affected

0:3.7.6-21.el9_2.4 (rpm) before *

unaffected

Default status

affected

0:3.8.3-4.el9_4.2 (rpm) before *

unaffected

Default status

affected

sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 (rpm) before *

unaffected

Default status

affected

sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 (rpm) before *

unaffected

Default status

affected

Default status

unknown

Default status

unknown

Default status

affected

Timeline

2025-02-10:	Reported to Red Hat.
2025-02-10:	Made public.

Credits

Red Hat would like to thank Bing Shi for reporting this issue.

References

access.redhat.com/errata/RHSA-2025:17361 (RHSA-2025:17361) vendor-advisory

access.redhat.com/errata/RHSA-2025:4051 (RHSA-2025:4051) vendor-advisory

access.redhat.com/errata/RHSA-2025:7076 (RHSA-2025:7076) vendor-advisory

access.redhat.com/errata/RHSA-2025:8020 (RHSA-2025:8020) vendor-advisory

access.redhat.com/errata/RHSA-2025:8385 (RHSA-2025:8385) vendor-advisory

access.redhat.com/security/cve/CVE-2024-12243 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2344615 (RHBZ#2344615) issue-tracking

gitlab.com/gnutls/libtasn1/-/issues/52

cve.org (CVE-2024-12243)

nvd.nist.gov (CVE-2024-12243)

Download JSON

help @ threatint.eu