Advisories » MGASA-2025-0043

Updated libtasn1 packages fix security vulnerability

Publication date: 08 Feb 2025
Modification date: 08 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12133

Description

When an input DER data contains a large number of SEQUENCE OF or SET OF
elements, decoding the data and searching a specific element in it take
quadratic time to complete. This could be utilized for a remote DoS
attack by presenting a crafted certificate to the network peer.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33993
• https://www.openwall.com/lists/oss-security/2025/02/06/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133

SRPMS

9/core

• libtasn1-4.20.0-1.mga9