GnuTLS: Inefficient Algorithmic Complexity leading to denial of service (CVE-2024-12243) #shorts

Summary

In today's podcast, we're diving into CVE-2024-12243, a notable vulnerability affecting the popular GnuTLS library. This flaw, tied to GnuTLS's reliance on libtasn1, has been identified as causing significant performance degradation, potentially leading to a denial-of-service condition.

Product details

CVE-2024-12243 impacts several releases of Red Hat Enterprise Linux, including versions 6 through 9, as well as the Red Hat OpenShift Container Platform version 4. The affected component is GnuTLS, a library crucial for implementing secure network communication protocols.

Vulnerability type summary

This vulnerability is categorized under 'Inefficient Algorithmic Complexity.' It represents an issue where an algorithm inadequately manages resources, leading to excessive computational demand under certain conditions.

Details of the vulnerability

The root of the issue lies in GnuTLS's dependence on libtasn1 for ASN.1 data processing. An ineffective algorithmic approach in libtasn1 when decoding certain DER-encoded certificate data results in pronounced performance slowdowns and increased resource usage. This allows a remote attacker to exploit the vulnerability by sending a specially crafted certificate, causing GnuTLS to become either unresponsive or significantly delayed, thus facilitating a denial-of-service scenario.

Conclusion

To mitigate the risks associated with CVE-2024-12243, it's important for systems using affected GnuTLS versions to implement the security updates promptly. Fedora has already released updates for Fedora 40 and Fedora 41 to address this flaw. System administrators should ensure their systems are updated to prevent potential exploitation and maintain system performance integrity.

Watch the full video on YouTube: CVE-2024-12243

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-12243
Description
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
Provider
redhat
CWE / problem types
Inefficient Algorithmic Complexity
Affected Software Versions
None:None:[{'status': 'affected', 'version': '0', 'versionType': 'semver', 'lessThanOrEqual': '3.6.16'}, {'status': 'affected', 'version': '3.7.0', 'versionType': 'semver', 'lessThanOrEqual': '3.7.11'}, {'status': 'affected', 'version': '3.8.0', 'lessThan': '3.8.8', 'versionType': 'semver'}, {'status': 'unaffected', 'version': '3.8.9', 'lessThan': '*', 'versionType': 'semver'}],Red Hat:Red Hat Enterprise Linux 8:[{'version': '0:3.6.16-8.el8_10.3', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8:[{'version': '0:3.6.16-8.el8_10.3', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 6:None,Red Hat:Red Hat Enterprise Linux 7:None,Red Hat:Red Hat Enterprise Linux 9:None,Red Hat:Red Hat OpenShift Container Platform 4:None
Date Published
2025-02-10T15:28:10.328Z
Last Updated
2025-05-09T21:29:51.139Z