CVE-2024-12243

Опубликовано: 10 фев. 2025

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	gnutls	Affected
Red Hat Enterprise Linux 6	gnutls	Out of support scope
Red Hat Enterprise Linux 7	gnutls	Out of support scope
Red Hat OpenShift Container Platform 4	rhcos	Fix deferred
Red Hat Enterprise Linux 8	gnutls	Fixed	RHSA-2025:4051	23.04.2025
Red Hat Enterprise Linux 8	gnutls	Fixed	RHSA-2025:4051	23.04.2025
Red Hat Enterprise Linux 9	gnutls	Fixed	RHSA-2025:7076	13.05.2025
Red Hat Enterprise Linux 9	gnutls	Fixed	RHSA-2025:7076	13.05.2025
Red Hat Enterprise Linux 9.4 Extended Update Support	gnutls	Fixed	RHSA-2025:8020	20.05.2025
Red Hat Discovery 1.14	registry.redhat.io/discovery/discovery-server-rhel9	Fixed	RHSA-2025:8385	02.06.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-407

https://bugzilla.redhat.com/show_bug.cgi?id=2344615gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

EPSS

Процентиль: 72%

0.00745

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-12243

CVSS3: 5.3

ubuntu

6 месяцев назад

CVE-2024-12243

CVSS3: 5.3

nvd

6 месяцев назад

CVE-2024-12243

CVSS3: 5.3

msrc

5 месяцев назад

Описание отсутствует

CVE-2024-12243

CVSS3: 5.3

debian

6 месяцев назад

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data pr ...

SUSE-SU-2025:0767-1

suse-cvrf

5 месяцев назад

Security update for gnutls

EPSS

Процентиль: 72%

0.00745

Низкий

5.3 Medium

CVSS3