A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | gnutls-0:3.6.16-8.el8_10.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | gnutls-0:3.6.16-8.el8_10.3 | * |
| Red Hat Enterprise Linux 9 | RedHat | gnutls-0:3.8.3-6.el9 | * |
| Red Hat Enterprise Linux 9 | RedHat | gnutls-0:3.8.3-6.el9 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | gnutls-0:3.7.6-21.el9_2.4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | gnutls-0:3.8.3-4.el9_4.2 | * |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-server-rhel9:sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c | * |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 | * |
| Gnutls28 | Ubuntu | devel | * |
| Gnutls28 | Ubuntu | esm-infra/focal | * |
| Gnutls28 | Ubuntu | fips-preview/jammy | * |
| Gnutls28 | Ubuntu | fips-updates/jammy | * |
| Gnutls28 | Ubuntu | fips-updates/noble | * |
| Gnutls28 | Ubuntu | focal | * |
| Gnutls28 | Ubuntu | jammy | * |
| Gnutls28 | Ubuntu | noble | * |
| Gnutls28 | Ubuntu | oracular | * |
| Gnutls28 | Ubuntu | plucky | * |
| Gnutls28 | Ubuntu | questing | * |
| Gnutls28 | Ubuntu | upstream | * |