IM
IronMonkey Threat Research

CVE-2024-12243 MEDIUM

Published: 2025-02-10 | Last Modified: 2026-05-12 | Status: Deferred

Description

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Additional Descriptions (1)

Se encontró una falla en GnuTLS, que depende de libtasn1 para el procesamiento de datos ASN.1. Debido a un algoritmo ineficiente en libtasn1, la decodificación de ciertos datos de certificados codificados en DER puede llevar demasiado tiempo, lo que genera un mayor consumo de recursos. Esta falla permite que un atacante remoto envíe un certificado especialmente manipulado, lo que hace que GnuTLS deje de responder o funcione lentamente, lo que resulta en una condición de denegación de servicio.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-407
Notification
Message here