CVE-2024-12133

Опубликовано: 10 фев. 2025

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	libtasn1	Affected
Red Hat Enterprise Linux 6	libtasn1	Out of support scope
Red Hat Enterprise Linux 7	libtasn1	Out of support scope
Red Hat OpenShift Container Platform 4	rhcos	Fix deferred
Red Hat Enterprise Linux 8	libtasn1	Fixed	RHSA-2025:4049	23.04.2025
Red Hat Enterprise Linux 8	libtasn1	Fixed	RHSA-2025:4049	23.04.2025
Red Hat Enterprise Linux 9	libtasn1	Fixed	RHSA-2025:7077	13.05.2025
Red Hat Enterprise Linux 9	libtasn1	Fixed	RHSA-2025:7077	13.05.2025
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	libtasn1	Fixed	RHSA-2025:17347	06.10.2025
Red Hat Enterprise Linux 9.4 Extended Update Support	libtasn1	Fixed	RHSA-2025:8021	20.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-407

https://bugzilla.redhat.com/show_bug.cgi?id=2344611libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

EPSS

Процентиль: 65%

0.00475

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-12133

CVSS3: 5.3

ubuntu

около 1 года назад

CVE-2024-12133

CVSS3: 5.3

nvd

около 1 года назад

CVE-2024-12133

CVSS3: 5.3

msrc

около 1 года назад

Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos

CVE-2024-12133

CVSS3: 5.3

debian

около 1 года назад

A flaw in libtasn1 causes inefficient handling of specific certificate ...

SUSE-SU-2025:0548-1

suse-cvrf

около 1 года назад

Security update for libtasn1

EPSS

Процентиль: 65%

0.00475

Низкий

5.3 Medium

CVSS3