CVE-2024-12243
Publication date 10 February 2025
Last updated 20 February 2025
Ubuntu priority
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gnutls28 | 24.10 oracular |
Fixed 3.8.6-2ubuntu1.1
|
| 24.04 LTS noble |
Fixed 3.8.3-1.1ubuntu3.3
|
|
| 22.04 LTS jammy |
Fixed 3.7.3-4ubuntu1.6
|
|
| 20.04 LTS focal |
Fixed 3.6.13-2ubuntu1.12
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-7281-1
- GnuTLS vulnerability
- 20 February 2025