Vulnerabilities > CVE-2024-12243

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

CWE-407

NVD

Published: 2025-02-10

Updated: 2025-02-10

Summary

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Common Weakness Enumeration (CWE)

CWE-407 - Algorithmic Complexity

References

https://access.redhat.com/security/cve/CVE-2024-12243
https://bugzilla.redhat.com/show_bug.cgi?id=2344615
https://gitlab.com/gnutls/libtasn1/-/issues/52

Vulnerabilities > CVE-2024-12243 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-12243"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2024-12243