CVE-2024-12133 — Inefficient Algorithmic Complexity in Libtasn1-6

CWE-407 — Inefficient Algorithmic Complexity12 documents9 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 35.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libtasn1-6 Msrc Azl3 Gnutls 3.8.3-3 ON Azure Linux 3.0 Msrc Azl3 Gnutls 3.8.3-4 ON Azure Linux 3.0 +4 more

Timeline

PublishedFeb 10

Latest updateJan 15

Description

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

▶debiandebian/libtasn1-6< libtasn1-6 4.19.0-2+deb12u1 (bookworm)

▶msrcmsrc/azl3_libtasn1_4.19.0-2_on_azure_linux_3.0

▶msrcmsrc/cbl2_libtasn1_4.19.0-2_on_cbl_mariner_2.0

▶msrcmsrc/azl3_gnutls_3.8.3-3_on_azure_linux_3.0

▶msrcmsrc/azl3_gnutls_3.8.3-4_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-j3qr-8f3v-fgjj: A flaw in libtasn1 causes inefficient handling of specific certificate data↗2025-02-10

▶

OSV

CVE-2024-12133: A flaw in libtasn1 causes inefficient handling of specific certificate data↗2025-02-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Core (Libtasn1) — CVE-2024-12133↗2026-01-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Installation (Libtasn1) — CVE-2024-12133↗2025-10-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Install/Upgrade (Libtasn1) — CVE-2024-12133↗2025-07-15

▶

CISA ICS

Siemens SIMATIC S7-1500 CPU Family↗2025-06-12

▶

Ubuntu

Libtasn1 vulnerability↗2025-02-20

▶