DEBIAN-CVE-2024-12133

Source
https://security-tracker.debian.org/tracker/CVE-2024-12133
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-12133.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-12133
Upstream
Published
2025-02-10T16:15:37Z
Modified
2025-09-19T07:33:47.938797Z
Summary
[none]
Details

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

References

Affected packages

Debian:11 / libtasn1-6

Package

Name
libtasn1-6
Purl
pkg:deb/debian/libtasn1-6?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.16.0-2+deb11u2

Affected versions

4.*

4.16.0-2
4.16.0-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libtasn1-6

Package

Name
libtasn1-6
Purl
pkg:deb/debian/libtasn1-6?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.19.0-2+deb12u1

Affected versions

4.*

4.19.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libtasn1-6

Package

Name
libtasn1-6
Purl
pkg:deb/debian/libtasn1-6?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.20.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libtasn1-6

Package

Name
libtasn1-6
Purl
pkg:deb/debian/libtasn1-6?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.20.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}