CVE-2024-12133

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:4049
https://access.redhat.com/security/cve/CVE-2024-12133
https://bugzilla.redhat.com/show_bug.cgi?id=2344611
https://gitlab.com/gnutls/libtasn1/-/issues/52
http://www.openwall.com/lists/oss-security/2025/02/06/6
https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html

Configurations

No configuration.

History

23 Apr 2025, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4049 -

21 Feb 2025, 13:15

Type	Values Removed	Values Added
Summary		(es) Una falla en libtasn1 provoca un manejo ineficiente de datos de certificados específicos. Al procesar una gran cantidad de elementos en un certificado, libtasn1 tarda mucho más de lo esperado, lo que puede ralentizar o incluso bloquear el sistema. Esta falla permite que un atacante envíe un certificado especialmente manipulado, lo que provoca un ataque de denegación de servicio.
References		() https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html -

10 Feb 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-10 16:15

Updated : 2025-04-23 12:15

NVD link : CVE-2024-12133

Mitre link : CVE-2024-12133

CVE.ORG link : CVE-2024-12133

JSON object : View

Products Affected

No product.

CWE

CWE-407

Inefficient Algorithmic Complexity

5.3 /10