CVE-2024-12243 — Inefficient Algorithmic Complexity in Azl3 Gnutls 3.8.3-4 ON Azure Linux 3.0

CWE-407 — Inefficient Algorithmic Complexity8 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

1.7%

top 17.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gnutls28 Msrc Azl3 Gnutls 3.8.3-4 ON Azure Linux 3.0 Msrc Cbl2 Gnutls 3.7.11-3 ON CBL Mariner 2.0

Timeline

PublishedFeb 10

Latest updateJun 12

Description

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/gnutls28< gnutls28 3.7.9-2+deb12u4 (bookworm)

▶msrcmsrc/azl3_gnutls_3.8.3-4_on_azure_linux_3.0

▶msrcmsrc/cbl2_gnutls_3.7.11-3_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2024-12243: A flaw was found in GnuTLS, which relies on libtasn1 for ASN↗2025-02-10

▶

GHSA

GHSA-cqj4-fp95-jqxq: A flaw was found in GnuTLS, which relies on libtasn1 for ASN↗2025-02-10

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 CPU Family↗2025-06-12

▶

Ubuntu

GnuTLS vulnerability↗2025-02-20

▶

Microsoft

Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos↗2025-02-11

▶

Red Hat

gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS↗2025-02-10

▶

Debian

CVE-2024-12243: gnutls28 - A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. ...↗2024

▶