CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| redhat | CNA | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

Awaiting analysis: This vulnerability is currently awaiting analysis.

EPSS Score Percentile: 67%

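Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| gnutls28 | bullseye | | vulnerable |
| gnutls28 | bullseye (security) | 3.7.1-5+deb11u7 | fixed |
| gnutls28 | bookworm | 3.7.9-2+deb12u4 | fixed |
| gnutls28 | bookworm (security) | 3.7.9-2+deb12u4 | fixed |
| gnutls28 | trixie | 3.8.9-3 | fixed |
| gnutls28 | sid | 3.8.9-3 | fixed |
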
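Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| gnutls28 | plucky | Fixed 3.8.9-2ubuntu1 | released |
| gnutls28 | oracular | Fixed 3.8.6-2ubuntu1.1 | released |
| gnutls28 | noble | Fixed 3.8.3-1.1ubuntu3.3 | released |
| gnutls28 | jammy | Fixed 3.7.3-4ubuntu1.6 | released |
| gnutls28 | focal | Fixed 3.6.13-2ubuntu1.12 | released |
| gnutls28 | bionic | | needs-triage |
| gnutls28 | xenial | | needs-triage |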