Jump to:

CVE-2024-12243

Jump to:

CVE-2024-12243

Package gnutls30 updated to version 3.8.9-alt1 for branch sisyphus in task 375558.

Published: 2025-02-10
Modified: 2025-02-22

CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

References:

https://access.redhat.com/security/cve/CVE-2024-12243
RHBZ#2344615
https://gitlab.com/gnutls/libtasn1/-/issues/52
https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html

Version: 2.1.0

Package gnutls30 update in sisyphus on 2025-02-21

ALT-PU-2025-3308-2

Closed vulnerabilities

CVE-2024-12243