Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-12243

created 4 months, 3 weeks ago

Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Affected products

rhcos

gnutls

<3.8.8
=<3.7.11
=<3.6.16
*

discovery/discovery-ui-rhel9

*

discovery/discovery-server-rhel9

*

registry.redhat.io/discovery/discovery-ui-rhel9

*

registry.redhat.io/discovery/discovery-server-rhel9

*

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable -
- nixpkgs-unstable 3.8.10

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable -
- nixpkgs-unstable 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>