CVE-2014-3468

2014-06-0520:55:00

CWE-131

[email protected]

web.nvd.nist.gov

cve-2014-3468

gnu libtasn1

security vulnerability

asn.1

out-of-bounds access

5.1 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

CPENameOperatorVersion
gnu:gnutlsgnu gnutlslt3.5.7
gnu:libtasn1gnu libtasn1lt3.6
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0
debian:debian_linuxdebian debian linuxeq7.0
redhat:enterprise_linux_server_ausredhat enterprise linux server auseq6.5
redhat:enterprise_linux_server_tusredhat enterprise linux server tuseq6.5

CPE	Name	Operator	Version
gnu:gnutls	gnu gnutls	lt	3.5.7
gnu:libtasn1	gnu libtasn1	lt	3.6
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0
debian:debian_linux	debian debian linux	eq	7.0
redhat:enterprise_linux_server_aus	redhat enterprise linux server aus	eq	6.5
redhat:enterprise_linux_server_tus	redhat enterprise linux server tus	eq	6.5