| Name | CVE-2024-12243 |
| Description | A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4063-1, DSA-5867-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gnutls28 (PTS) | bullseye | 3.7.1-5+deb11u5 | vulnerable |
| bullseye (security) | 3.7.1-5+deb11u8 | fixed | |
| bookworm, bookworm (security) | 3.7.9-2+deb12u5 | fixed | |
| trixie | 3.8.9-3 | fixed | |
| forky, sid | 3.8.10-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnutls28 | source | experimental | 3.8.9-1 | |||
| gnutls28 | source | bullseye | 3.7.1-5+deb11u7 | DLA-4063-1 | ||
| gnutls28 | source | bookworm | 3.7.9-2+deb12u4 | DSA-5867-1 | ||
| gnutls28 | source | (unstable) | 3.8.9-2 |
https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html
https://gitlab.com/gnutls/gnutls/-/issues/1553
Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892 (3.8.9)