CVE - CVE-2014-3468

CVE-ID
CVE-2014-3468	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://advisories.mageia.org/MGASA-2014-0247.html CONFIRM:http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f CONFIRM:http://linux.oracle.com/errata/ELSA-2014-0594.html CONFIRM:http://linux.oracle.com/errata/ELSA-2014-0596.html CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015302 CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015303 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1102323 DEBIAN:DSA-3056 URL:http://www.debian.org/security/2014/dsa-3056 MANDRIVA:MDVSA-2015:116 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:116~~ (Obsolete source) MLIST:[help-libtasn1] 20140525 GNU Libtasn1 3.6 released URL:http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html REDHAT:RHSA-2014:0594 URL:http://rhn.redhat.com/errata/RHSA-2014-0594.html REDHAT:RHSA-2014:0596 URL:http://rhn.redhat.com/errata/RHSA-2014-0596.html REDHAT:RHSA-2014:0687 URL:http://rhn.redhat.com/errata/RHSA-2014-0687.html REDHAT:RHSA-2014:0815 URL:http://rhn.redhat.com/errata/RHSA-2014-0815.html SECUNIA:58591 URL:http://secunia.com/advisories/58591 SECUNIA:58614 URL:http://secunia.com/advisories/58614 SECUNIA:59021 URL:http://secunia.com/advisories/59021 SECUNIA:59057 URL:http://secunia.com/advisories/59057 SECUNIA:59408 URL:http://secunia.com/advisories/59408 SECUNIA:60320 URL:http://secunia.com/advisories/60320 SECUNIA:60415 URL:http://secunia.com/advisories/60415 SECUNIA:61888 URL:http://secunia.com/advisories/61888 SUSE:SUSE-SU-2014:0758 URL:http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html SUSE:SUSE-SU-2014:0788 URL:http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20140514	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140514)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)