CVE-2024-12243

ADVISORY - ubuntu

Summary

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

EPSS Score⁠: 0.00623 (0.692)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-407⁠

Inefficient Algorithmic Complexity

ADVISORY - redhat

CWE-407⁠

Inefficient Algorithmic Complexity

Impacted images

Advisories

Ubuntu

CREATED

5 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
ubuntu/gnutls28	deb	ubuntu	22.04	<3.7.3-4ubuntu1.6	3.7.3-4ubuntu1.6
ubuntu/gnutls28	deb	ubuntu	25.04	<3.8.9-2ubuntu1	3.8.9-2ubuntu1
ubuntu/gnutls28	deb	ubuntu	24.10	<3.8.6-2ubuntu1.1	3.8.6-2ubuntu1.1
ubuntu/gnutls28	deb	ubuntu	20.04	<3.6.13-2ubuntu1.12	3.6.13-2ubuntu1.12
ubuntu/gnutls28	deb	ubuntu	24.04	<3.8.3-1.1ubuntu3.3	3.8.3-1.1ubuntu3.3

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

5 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

5.3medium

Debian

CREATED

5 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Alma

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDALSA-2025:4051⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

2 months ago

UPDATED

4 days ago

ADVISORY IDALSA-2025:7076⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

1 month ago

UPDATED

24 days ago

ADVISORY IDALAS2-2025-2885⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDALAS2023-2025-958⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

5 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-12243⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

5.3medium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-20284⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDELSA-2025-4051⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-7076⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium