Description
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Published: 2024-12-12
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-3471 A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Github GHSA Github GHSA GHSA-ghw8-3xqw-hhcj Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
History

Fri, 23 May 2025 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat connectivity Link
CPEs cpe:/a:redhat:hybrid_cloud_gateway:1::el9 cpe:/a:redhat:connectivity_link:1
Vendors & Products Redhat hybrid Cloud Gateway
Redhat connectivity Link

Thu, 12 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Dec 2024 13:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Thu, 12 Dec 2024 09:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Title Cert-manager: potential dos when parsing specially crafted pem inputs
First Time appeared Redhat
Redhat cert Manager
Redhat cryostat
Redhat hybrid Cloud Gateway
Redhat multicluster Engine
Redhat openshift
Redhat openshift Data Foundation
Redhat openshift Gitops
Redhat serverless
Weaknesses CWE-20
CPEs cpe:/a:redhat:cert_manager:1
cpe:/a:redhat:cryostat:3
cpe:/a:redhat:hybrid_cloud_gateway:1::el9
cpe:/a:redhat:multicluster_engine
cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_data_foundation:4
cpe:/a:redhat:openshift_gitops:1
cpe:/a:redhat:serverless:1
Vendors & Products Redhat
Redhat cert Manager
Redhat cryostat
Redhat hybrid Cloud Gateway
Redhat multicluster Engine
Redhat openshift
Redhat openshift Data Foundation
Redhat openshift Gitops
Redhat serverless
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Redhat Cert Manager Connectivity Link Cryostat Multicluster Engine Openshift Openshift Data Foundation Openshift Gitops Serverless
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-27T00:16:07.970Z

Reserved: 2024-12-10T13:30:10.806Z

Link: CVE-2024-12401

cve-icon Vulnrichment

Updated: 2024-12-12T15:21:22.005Z

cve-icon NVD

Status : Deferred

Published: 2024-12-12T09:15:05.790

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-12401

cve-icon Redhat

Severity : Low

Publid Date: 2024-11-21T19:52:52Z

Links: CVE-2024-12401 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses