CVE-2024-12243 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Reserved 2024-12-05 | Published 2025-02-10 | Updated 2025-05-13 | Assigner redhat

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Inefficient Algorithmic Complexity

Product status

Default status

unknown

Any version

affected

3.7.0

affected

3.8.0 before 3.8.8

affected

3.8.9 before *

unaffected

Default status

affected

0:3.6.16-8.el8_10.3 before *

unaffected

Default status

affected

0:3.6.16-8.el8_10.3 before *

unaffected

Default status

affected

0:3.8.3-6.el9 before *

unaffected

Default status

affected

0:3.8.3-6.el9 before *

unaffected

Default status

unknown

Default status

unknown

Default status

affected

Timeline

2025-02-10:	Reported to Red Hat.
2025-02-10:	Made public.

Credits

Red Hat would like to thank Bing Shi for reporting this issue.

References

access.redhat.com/errata/RHSA-2025:4051 (RHSA-2025:4051) vendor-advisory

access.redhat.com/errata/RHSA-2025:7076 (RHSA-2025:7076) vendor-advisory

access.redhat.com/security/cve/CVE-2024-12243 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2344615 (RHBZ#2344615) issue-tracking

gitlab.com/gnutls/libtasn1/-/issues/52

cve.org (CVE-2024-12243)

nvd.nist.gov (CVE-2024-12243)

Download JSON

https://cve.threatint.eu/CVE/CVE-2024-12243

Support options

Helpdesk Chat, Email, Knowledgebase