THREATINT
PUBLISHED

CVE-2024-12401

cert-manager: potential DoS when parsing specially crafted PEM inputs



Description

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

Reserved 2024-12-10 | Published 2024-12-12 | Updated 2024-12-12 | Assigner redhat


MEDIUM: 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Problem types

Improper Input Validation

Product status

Default status
affected


Timeline

2024-11-21: Reported to Red Hat.
2024-11-21: Made public.

References

access.redhat.com/security/cve/CVE-2024-12401 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2327929 (RHBZ#2327929) issue-tracking

github.com/cert-manager/cert-manager/pull/7400

github.com/cert-manager/cert-manager/pull/7401

github.com/cert-manager/cert-manager/pull/7402

github.com/cert-manager/cert-manager/pull/7403

github.com/...anager/security/advisories/GHSA-r4pg-vg54-wxx4

go.dev/issue/50116

cve.org (CVE-2024-12401)

nvd.nist.gov (CVE-2024-12401)
