CVE-2024-12243

ADVISORY - debian

Summary

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

[experimental] - gnutls28 3.8.9-1

gnutls28 3.8.9-2 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07 https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html https://gitlab.com/gnutls/gnutls/-/issues/1553 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892 (3.8.9)

EPSS Score⁠: 0.00323 (0.547)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-407⁠

Inefficient Algorithmic Complexity

ADVISORY - redhat

CWE-407⁠

Inefficient Algorithmic Complexity

Impacted images

Advisories

Debian

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/gnutls28	deb	debian	12	<3.7.9-2+deb12u4	3.7.9-2+deb12u4
debian/gnutls28	deb	debian	13	<3.8.9-2	3.8.9-2
debian/gnutls28	deb	debian	unstable	<3.8.9-2	3.8.9-2
debian/gnutls28	deb	debian	11	<3.7.1-5+deb11u7	3.7.1-5+deb11u7

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

3 months ago

UPDATED

4 days ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

5.3medium

Ubuntu

CREATED

3 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

Alma

CREATED

26 days ago

UPDATED

9 days ago

ADVISORY IDALSA-2025:4051⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY IDALAS2023-2025-958⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

5.3medium

Oracle

CREATED

24 days ago

UPDATED

24 days ago

ADVISORY IDELSA-2025-20284⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

27 days ago

UPDATED

27 days ago

ADVISORY IDELSA-2025-4051⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium