CVE-2024-12243

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GnuTLS (affected versions not specified)

Description A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-407

Related Identifiers

ALSA-2025:4051

ALSA-2025:7076

ALT-PU-2025-3314

ALT-PU-2025-3316

ALT-PU-2025-3624

AZL-56752

AZL-56762

BDU:2025-12051

CESA-2025_4051

CVE-2024-12243

DLA-4063-1

DSA-5867-1

INFSA-2025_4051

INFSA-2025_7076

MGASA-2025-0071

OESA-2025-1173

OESA-2025-1174

OESA-2025-1175

OESA-2025-1176

OESA-2025-2610

OPENSUSE-SU-2025:14835-1

OPENSUSE-SU-2025_0764-1

OPENSUSE-SU-2025_0765-1

RHSA-2025:17361

RHSA-2025:4051

RHSA-2025:7076

RHSA-2025:8020

RHSA-2025_4051

RHSA-2025_7076

SUSE-SU-2025:00764-1

SUSE-SU-2025:0727-1

SUSE-SU-2025:0728-1

SUSE-SU-2025:0764-1

SUSE-SU-2025:0765-1

SUSE-SU-2025:0766-1

SUSE-SU-2025:0767-1

SUSE-SU-2025:20157-1

SUSE-SU-2025:20297-1

SUSE-SU-2025_00764-1

SUSE-SU-2025_0764-1

SUSE-SU-2025_0766-1

SUSE-SU-2025_0767-1

USN-7281-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Gnutls

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libtasn1

CVE-2024-12243

Weakness Enumeration

Related Identifiers

Affected Products

References · 94