PT-2025-5893 · Libtasn1+9

Bing Shi · Published 2024-07-01 · Updated 2025-10-06 · CVE-2024-12133

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: libtasn1 (affected versions not specified)

Description: A flaw in libtasn1 causes inefficient handling of specific certificate data. When a certificate contains a large number of elements, libtasn1 takes much longer than expected to process it, which can slow down or even crash the system. An attacker can exploit this by sending a specially crafted certificate, causing a denial of service. The issue lies in the handling of numerous SEQUENCE OF or SET OF elements in DER data, which results in quadratic time complexity.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
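
One way to limit exposure to the quadratic behaviour described above is to bound element counts before DER data reaches the decoder. The following is an added example, not libtasn1 code or its upstream fix: a single-pass DER walker that rejects input in which any constructed element has more than a chosen number of direct children. The function names, the limits and the sample bytes are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse one DER tag+length header from p[0..n). Returns the header size,
 * or 0 on error. High-tag-number form and indefinite lengths are rejected. */
static size_t der_header(const uint8_t *p, size_t n, int *constructed, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f)
        return 0;
    *constructed = (p[0] & 0x20) != 0;
    if (p[1] < 0x80) {              /* short form: length in one byte */
        *len = p[1];
        return 2;
    }
    size_t k = p[1] & 0x7f;         /* long form: k length bytes follow */
    if (k == 0 || k > sizeof(size_t) || n - 2 < k)
        return 0;
    size_t v = 0;
    for (size_t i = 0; i < k; i++)
        v = (v << 8) | p[2 + i];
    *len = v;
    return 2 + k;
}

/* Walk the elements in p[0..n) once. Returns 0 if no constructed element has
 * more than max_children direct children and nesting stays within max_depth
 * levels; -1 if a limit is exceeded or the encoding is malformed. */
int der_within_limits(const uint8_t *p, size_t n, size_t max_children, int max_depth)
{
    size_t children = 0;
    while (n > 0) {
        int constructed;
        size_t len, h = der_header(p, n, &constructed, &len);
        if (h == 0 || len > n - h || ++children > max_children)
            return -1;
        if (constructed && (max_depth < 1 ||
            der_within_limits(p + h, len, max_children, max_depth - 1) != 0))
            return -1;
        p += h + len;
        n -= h + len;
    }
    return 0;
}

/* Constructed sample: SEQUENCE containing five INTEGER 1 elements. */
const uint8_t der_sample[] = { 0x30, 0x0f, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
    0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
```

Each header is parsed exactly once, so the check itself stays linear in the number of elements; the limits should be set above the largest element count seen in legitimate certificates for the deployment.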

DoS

Weakness Enumeration

Related Identifiers

ALSA-2025:4049
ALSA-2025:7077
ALT-PU-2025-2848
ALT-PU-2025-2889
ALT-PU-2025-3626
AZL-56705
AZL-56720
AZL-56758
AZL-56767
BDU:2025-12052
CESA-2025_4049
CVE-2024-12133
DLA-4061-1
DSA-5863-1
INFSA-2025_4049
INFSA-2025_7077
MGASA-2025-0043
OESA-2025-1107
OPENSUSE-SU-2025:14756-1
OPENSUSE-SU-2025:14835-1
OPENSUSE-SU-2025_0548-1
RHSA-2025:17347
RHSA-2025:4049
RHSA-2025:7077
RHSA-2025:8021
RHSA-2025_4049
RHSA-2025_7077
SUSE-SU-2025:0512-1
SUSE-SU-2025:0548-1
SUSE-SU-2025:20171-1
SUSE-SU-2025:20275-1
SUSE-SU-2025_0512-1
SUSE-SU-2025_0548-1
USN-7275-1
USN-7275-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
Libtasn1