PT-2025-5893 · Libtasn1+9 · Libtasn1+9

Bing Shi

·

Publicado

2024-07-01

·

Atualizado

2025-10-06

·

CVE-2024-12133

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions libtasn1 (affected versions not specified)
Description A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. The issue is related to the handling of numerous SEQUENCE OF or SET OF elements in DER data, which results in quadratic time complexity.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-407

Identificadores relacionados

ALSA-2025:4049
ALSA-2025:7077
ALT-PU-2025-2848
ALT-PU-2025-2889
ALT-PU-2025-3626
AZL-56705
AZL-56720
AZL-56758
AZL-56767
BDU:2025-12052
CESA-2025_4049
CVE-2024-12133
DLA-4061-1
DSA-5863-1
INFSA-2025_4049
INFSA-2025_7077
MGASA-2025-0043
OESA-2025-1107
OPENSUSE-SU-2025:14756-1
OPENSUSE-SU-2025:14835-1
OPENSUSE-SU-2025_0548-1
RHSA-2025:17347
RHSA-2025:4049
RHSA-2025:7077
RHSA-2025:8021
RHSA-2025_4049
RHSA-2025_7077
SUSE-SU-2025:0512-1
SUSE-SU-2025:0548-1
SUSE-SU-2025:20171-1
SUSE-SU-2025:20275-1
SUSE-SU-2025_0512-1
SUSE-SU-2025_0548-1
USN-7275-1
USN-7275-2

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libtasn1