CVE-2024-12243

moderate-risk

Published 2025-02-10

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Do I need to act?

1.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (11)

https://access.redhat.com/errata/RHSA-2025:17361

https://access.redhat.com/errata/RHSA-2025:4051

https://access.redhat.com/errata/RHSA-2025:7076

https://access.redhat.com/errata/RHSA-2025:8020

https://access.redhat.com/errata/RHSA-2025:8385

https://access.redhat.com/security/cve/CVE-2024-12243

https://bugzilla.redhat.com/show_bug.cgi?id=2344615

https://gitlab.com/gnutls/gnutls/-/issues/1553

https://gitlab.com/gnutls/libtasn1/-/issues/52

https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html

https://security.netapp.com/advisory/ntap-20250523-0002/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 4/34 · Minimal

Exposure 5/34 · Minimal