IM
IronMonkey Threat Research

CVE-2024-12133 MEDIUM

Published: 2025-02-10 | Last Modified: 2026-06-30 | Status: Deferred

Description

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

Additional Descriptions (1)

Una falla en libtasn1 provoca un manejo ineficiente de datos de certificados específicos. Al procesar una gran cantidad de elementos en un certificado, libtasn1 tarda mucho más de lo esperado, lo que puede ralentizar o incluso bloquear el sistema. Esta falla permite que un atacante envíe un certificado especialmente manipulado, lo que provoca un ataque de denegación de servicio.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-407
Notification
Message here