CVE-2014-3467

Published on: 06/05/2014 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:25:46 PM UTC

CVE-2014-3467

Certain versions of Debian Linux from Debian contain the following vulnerability:

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CVE-2014-3467 has been assigned by [email protected] to track the vulnerability

CVSS2 Score: 5 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
NONE	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
linux.oracle.com \| ELSA-2014-0594 - gnutls security update	Third Party Advisory linux.oracle.com text/html	CONFIRM linux.oracle.com/errata/ELSA-2014-0594.html
Security Advisory SA61888 - Debian update for libtasn1-3 - Secunia	Third Party Advisory web.archive.org text/html	SECUNIA 61888
Security Advisory SA58614 - Red Hat update for libtasn1 - Secunia	Third Party Advisory web.archive.org text/html	SECUNIA 58614
No Description Provided	Third Party Advisory support.f5.com text/html	CONFIRM support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
Debian -- Security Information -- DSA-3056-1 libtasn1-3	Third Party Advisory www.debian.org Depreciated Link text/html	DEBIAN DSA-3056
No Description Provided	Third Party Advisory www.novell.com text/html	CONFIRM www.novell.com/support/kb/doc.php?id=7015302
About Secunia Research \| Flexera	Third Party Advisory web.archive.org text/html	SECUNIA 60415
About Secunia Research \| Flexera	Third Party Advisory secunia.com Depreciated Link text/plain	SECUNIA 59057
No Description Provided	Third Party Advisory www.novell.com text/html	CONFIRM www.novell.com/support/kb/doc.php?id=7015303
Security Advisory SA59408 - Novell Open Enterprise Server GnuTLS Multiple Vulnerabilities - Secunia	Third Party Advisory web.archive.org text/html	SECUNIA 59408
Security Advisory SA59021 - Oracle Linux update for gnutls - Secunia	Third Party Advisory web.archive.org text/html	SECUNIA 59021
About Secunia Research \| Flexera	Third Party Advisory web.archive.org text/html	SECUNIA 60320
1102022 – (CVE-2014-3467) CVE-2014-3467 libtasn1: multiple boundary check issues	Issue Tracking Patch Third Party Advisory bugzilla.redhat.com text/html	CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1102022
Security Advisory SA58591 - Oracle Linux update for libtasn1 - Secunia	Third Party Advisory web.archive.org text/html	SECUNIA 58591
Red Hat Customer Portal	Third Party Advisory web.archive.org text/html Inactive LinkNot Archived	REDHAT RHSA-2014:0815
Red Hat Customer Portal	Third Party Advisory web.archive.org text/html Inactive LinkNot Archived	REDHAT RHSA-2014:0596
linux.oracle.com \| ELSA-2014-0596 - libtasn1 security update	Third Party Advisory linux.oracle.com text/html	CONFIRM linux.oracle.com/errata/ELSA-2014-0596.html
Red Hat Customer Portal	Third Party Advisory web.archive.org text/html Inactive LinkNot Archived	REDHAT RHSA-2014:0687
GNU Libtasn1 3.6 released	Patch Vendor Advisory lists.gnu.org text/html	MLIST [help-libtasn1] 20140525 GNU Libtasn1 3.6 released
Support / Security / Advisories / / MDVSA-2015:116 \| Mandriva	Third Party Advisory www.mandriva.com text/html	MANDRIVA MDVSA-2015:116
Mageia Advisory: MGASA-2014-0247 - Updated libtasn1 packages fix CVE-2014-3467-9	Third Party Advisory advisories.mageia.org text/html	CONFIRM advisories.mageia.org/MGASA-2014-0247.html
[security-announce] SUSE-SU-2014:0788-1: important: Security update for	Mailing List Third Party Advisory lists.opensuse.org text/html	SUSE SUSE-SU-2014:0788
Red Hat Customer Portal	Third Party Advisory web.archive.org text/html Inactive LinkNot Archived	REDHAT RHSA-2014:0594
[security-announce] SUSE-SU-2014:0758-1: important: Security update for	Mailing List Third Party Advisory lists.opensuse.org text/html	SUSE SUSE-SU-2014:0758

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

900178 CBL-Mariner Linux Security Update for gnutls 3.6.14

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Hardware	F5	Arx	-	All	All	All
Hardware	F5	Arx	-	All	All	All
Operating System	F5	Arx Firmware	All	All	All	All
Application	Gnu	Gnutls	All	All	All	All
Application	Gnu	Gnutls	All	All	All	All
Application	Gnu	Libtasn1	All	All	All	All
Application	Gnu	Libtasn1	All	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Eus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	6.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Application	Redhat	Virtualization	6.0	All	All	All
Application	Redhat	Virtualization	6.0	All	All	All
Operating System	Suse	Linux Enterprise Desktop	11	sp3	All	All
Operating System	Suse	Linux Enterprise Desktop	11	sp3	All	All
Operating System	Suse	Linux Enterprise High Availability Extension	11	sp3	All	All
Operating System	Suse	Linux Enterprise High Availability Extension	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp1	All	All
Operating System	Suse	Linux Enterprise Server	11	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp1	All	All
Operating System	Suse	Linux Enterprise Server	11	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp3	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	11	sp3	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	11	sp3	All	All

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*:
cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*:
cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*:
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*:
cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*:
cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*:
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*:
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*:
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*:
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE