CVE-2024-12133
Published 2025-02-10
Priority P4 · 28 · medium · 5.3 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS 1.03% · 59.3th percentile
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtasn1-6 | < libtasn1-6 4.19.0-2+deb12u1 (bookworm) | libtasn1-6 4.19.0-2+deb12u1 (bookworm) |
| msrc | azl3_gnutls_3.8.3-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_gnutls_3.8.3-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_libtasn1_4.19.0-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gnutls_3.7.11-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_gnutls_3.7.11-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libtasn1_4.19.0-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
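| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
| vendor_msrc | — | 5.3 | MEDIUM | — |
| vendor_oracle | — | 5.3 | MEDIUM | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |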
Oracle
Oracle Oracle Communications Risk Matrix: Core (Libtasn1) — CVE-2024-12133
vendor_oracle·2026-01-15·CVSS 5.3
CVE-2024-12133 [MEDIUM] Oracle Oracle Communications Risk Matrix: Core (Libtasn1) — CVE-2024-12133
Oracle Oracle Communications Risk Matrix: Core (Libtasn1) vulnerability
CVE: CVE-2024-12133
CVSS: 5.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2026 (JAN 2026)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Installation (Libtasn1) — CVE-2024-12133
vendor_oracle·2025-10-15·CVSS 5.3
CVE-2024-12133 [MEDIUM] Oracle Oracle Communications Applications Risk Matrix: Installation (Libtasn1) — CVE-2024-12133
Oracle Oracle Communications Applications Risk Matrix: Installation (Libtasn1) vulnerability
CVE: CVE-2024-12133
CVSS: 5.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (Libtasn1) — CVE-2024-12133
vendor_oracle·2025-07-15·CVSS 5.3
CVE-2024-12133 [MEDIUM] Oracle Oracle Communications Risk Matrix: Install/Upgrade (Libtasn1) — CVE-2024-12133
Oracle Oracle Communications Risk Matrix: Install/Upgrade (Libtasn1) vulnerability
CVE: CVE-2024-12133
CVSS: 5.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2025 (JUL 2025)
CISA ICS
Siemens SIMATIC S7-1500 CPU Family
cisa_ics·2025-06-12
ICS Advisory
## Siemens SIMATIC S7-1500 CPU Family
Release Date: June 12, 2025
Alert Code: ICSA-25-162-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU family
- Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2025-02-20
CVE-2024-12133 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to crash if it received specially crafted network
traffic.
USN-7275-1 fixed vulnerabilities in Libtasn1. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Bing Shi discovered that Libtasn1 inefficiently handled certificates. An
attacker could possibly use this issue to increase resource utilization
leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2025-02-18
CVE-2024-12133 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to crash if it received specially crafted network
traffic.
Bing Shi discovered that Libtasn1 inefficiently handled certificates. An
attacker could possibly use this issue to increase resource utilization
leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Libtasn1: inefficient DER decoding in libtasn1 leading to potential remote DoS
vendor_msrc·2025-02-11·CVSS 5.3
CVE-2024-12133 [MEDIUM] CWE-407 Libtasn1: inefficient DER decoding in libtasn1 leading to potential remote DoS
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Red Hat
libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS
vendor_redhat·2025-02-10·CVSS 5.3
CVE-2024-12133 [MEDIUM] CWE-407 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
Package: libtasn1 (Red Hat Enterprise Linux 10) - Affe
Debian
CVE-2024-12133: libtasn1-6 - A flaw in libtasn1 causes inefficient handling of specific certificate data. Whe...
vendor_debian·2024·CVSS 5.3
CVE-2024-12133 [MEDIUM] CVE-2024-12133: libtasn1-6 - A flaw in libtasn1 causes inefficient handling of specific certificate data. Whe...
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.19.0-2+deb12u1)
bullseye: resolved (fixed in 4.16.0-2+deb11u2)
forky: resolved (fixed in 4.20.0-1)
sid: resolved (fixed in 4.20.0-1)
trixie: resolved (fixed in 4.20.0-1)
GHSA
GHSA-j3qr-8f3v-fgjj: A flaw in libtasn1 causes inefficient handling of specific certificate data
ghsa_unreviewed·2025-02-10
CVE-2024-12133 [MEDIUM] CWE-407 GHSA-j3qr-8f3v-fgjj: A flaw in libtasn1 causes inefficient handling of specific certificate data
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
OSV
CVE-2024-12133: A flaw in libtasn1 causes inefficient handling of specific certificate data
osv·2025-02-10·CVSS 5.3
CVE-2024-12133 [MEDIUM] CVE-2024-12133: A flaw in libtasn1 causes inefficient handling of specific certificate data
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
No detection rules found.
No public exploits indexed.
References:
- https://access.redhat.com/errata/RHSA-2025:17347
- https://access.redhat.com/errata/RHSA-2025:4049
- https://access.redhat.com/errata/RHSA-2025:7077
- https://access.redhat.com/errata/RHSA-2025:8021
- https://access.redhat.com/errata/RHSA-2025:8385
- https://access.redhat.com/errata/RHSA-2026:30849
- https://access.redhat.com/errata/RHSA-2026:30850
- https://access.redhat.com/errata/RHSA-2026:33125
- https://access.redhat.com/security/cve/CVE-2024-12133
- https://bugzilla.redhat.com/show_bug.cgi?id=2344611
- https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md
- https://gitlab.com/gnutls/libtasn1/-/issues/52
- http://www.openwall.com/lists/oss-security/2025/02/06/6
- https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html
- https://security.netapp.com/advisory/ntap-20250523-0003/
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-202008.html