CVE-2024-12243

Опубликовано: 10 фев. 2025

Источник: redhat

CVSS3: 5.3

Описание

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	gnutls	Affected
Red Hat Enterprise Linux 6	gnutls	Out of support scope
Red Hat Enterprise Linux 7	gnutls	Out of support scope
Red Hat OpenShift Container Platform 4	rhcos	Fix deferred
Red Hat Enterprise Linux 8	gnutls	Fixed	RHSA-2025:4051	23.04.2025
Red Hat Enterprise Linux 8	gnutls	Fixed	RHSA-2025:4051	23.04.2025
Red Hat Enterprise Linux 9	gnutls	Fixed	RHSA-2025:7076	13.05.2025
Red Hat Enterprise Linux 9	gnutls	Fixed	RHSA-2025:7076	13.05.2025
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	gnutls	Fixed	RHSA-2025:17361	06.10.2025
Red Hat Enterprise Linux 9.4 Extended Update Support	gnutls	Fixed	RHSA-2025:8020	20.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-407

https://bugzilla.redhat.com/show_bug.cgi?id=2344615gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-12243

CVSS3: 5.3

ubuntu

около 1 года назад

CVE-2024-12243

CVSS3: 5.3

nvd

около 1 года назад

CVE-2024-12243

CVSS3: 5.3

msrc

12 месяцев назад

Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

CVE-2024-12243

CVSS3: 5.3

debian

около 1 года назад

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data pr ...

SUSE-SU-2025:0767-1

suse-cvrf

около 1 года назад

Security update for gnutls

5.3 Medium

CVSS3