CVE-2024-12133

MEDIUM

libtasn1 - Denial of Service

Title source: llm

Description

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

References (14)

Core 14

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/02/06/6

Issue Tracking

https://gitlab.com/gnutls/libtasn1/-/issues/52

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250523-0003/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17347

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:4049

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:7077

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8021

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8385

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-12133

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2344611

https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-202008.html

Scores

CVSS v3 5.3

EPSS 0.0103

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-407

Status published

Products (11)

Red Hat/Red Hat Discovery 1.14 sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644

Red Hat/Red Hat Discovery 1.14 sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c

Red Hat/Red Hat Discovery 1.14 sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:4.13-5.el8_10

Red Hat/Red Hat Enterprise Linux 9 0:4.16.0-9.el9

Red Hat/Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 0:4.16.0-8.el9_2.1

Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support 0:4.16.0-8.el9_4.1

... and 1 more

Published Feb 10, 2025

Tracked Since Feb 18, 2026