CVE-2014-3468

Published on: 06/05/2014 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:25:45 PM UTC

AV:N/AC:L/Au:N/C:P/I:P/A:P

Certain versions of Debian Linux from Debian contain the following vulnerability:

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

CVSS2 Score: 7.5 - HIGH

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • linux.oracle.com | ELSA-2014-0594 - gnutls security update
    Tags: Third Party Advisory
    Link: CONFIRM linux.oracle.com/errata/ELSA-2014-0594.html (linux.oracle.com, text/html)
  • Security Advisory SA61888 - Debian update for libtasn1-3 - Secunia
    Tags: Third Party Advisory
    Link: SECUNIA 61888 (web.archive.org, text/html)
  • Security Advisory SA58614 - Red Hat update for libtasn1 - Secunia
    Tags: Third Party Advisory
    Link: SECUNIA 58614 (web.archive.org, text/html)
  • No Description Provided
    Tags: Third Party Advisory
    Link: CONFIRM support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html (support.f5.com, text/html)
  • Debian -- Security Information -- DSA-3056-1 libtasn1-3
    Tags: Third Party Advisory
    Link: DEBIAN DSA-3056 (www.debian.org, text/html; deprecated link)
  • No Description Provided
    Tags: Third Party Advisory
    Link: CONFIRM www.novell.com/support/kb/doc.php?id=7015302 (www.novell.com, text/html)
  • About Secunia Research | Flexera
    Tags: Third Party Advisory
    Link: SECUNIA 60415 (web.archive.org, text/html)
  • About Secunia Research | Flexera
    Tags: Third Party Advisory
    Link: SECUNIA 59057 (secunia.com, text/plain; deprecated link)
  • No Description Provided
    Tags: Third Party Advisory
    Link: CONFIRM www.novell.com/support/kb/doc.php?id=7015303 (www.novell.com, text/html)
  • libtasn1.git - GNU libtasn1
    Tags: Patch, Vendor Advisory
    Link: CONFIRM git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f (git.savannah.gnu.org, text/html)
  • Security Advisory SA59408 - Novell Open Enterprise Server GnuTLS Multiple Vulnerabilities - Secunia
    Tags: Third Party Advisory
    Link: SECUNIA 59408 (web.archive.org, text/html)
  • Security Advisory SA59021 - Oracle Linux update for gnutls - Secunia
    Tags: Third Party Advisory
    Link: SECUNIA 59021 (web.archive.org, text/html)
  • About Secunia Research | Flexera
    Tags: Third Party Advisory
    Link: SECUNIA 60320 (web.archive.org, text/html)
  • Security Advisory SA58591 - Oracle Linux update for libtasn1 - Secunia
    Tags: Third Party Advisory
    Link: SECUNIA 58591 (web.archive.org, text/html)
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: REDHAT RHSA-2014:0815 (web.archive.org, text/html; inactive link, not archived)
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: REDHAT RHSA-2014:0596 (web.archive.org, text/html; inactive link, not archived)
  • linux.oracle.com | ELSA-2014-0596 - libtasn1 security update
    Tags: Third Party Advisory
    Link: CONFIRM linux.oracle.com/errata/ELSA-2014-0596.html (linux.oracle.com, text/html)
  • 1102323 – (CVE-2014-3468) CVE-2014-3468 libtasn1: asn1_get_bit_der() can return negative bit length
    Tags: Issue Tracking, Third Party Advisory
    Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1102323 (bugzilla.redhat.com, text/html)
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: REDHAT RHSA-2014:0687 (web.archive.org, text/html; inactive link, not archived)
  • GNU Libtasn1 3.6 released
    Tags: Mailing List, Patch, Vendor Advisory
    Link: MLIST [help-libtasn1] 20140525 GNU Libtasn1 3.6 released (lists.gnu.org, text/html)
  • Support / Security / Advisories / / MDVSA-2015:116 | Mandriva
    Tags: Third Party Advisory
    Link: MANDRIVA MDVSA-2015:116 (www.mandriva.com, text/html)
  • Mageia Advisory: MGASA-2014-0247 - Updated libtasn1 packages fix CVE-2014-3467-9
    Tags: Third Party Advisory
    Link: CONFIRM advisories.mageia.org/MGASA-2014-0247.html (advisories.mageia.org, text/html)
  • [security-announce] SUSE-SU-2014:0788-1: important: Security update for
    Tags: Mailing List, Third Party Advisory
    Link: SUSE SUSE-SU-2014:0788 (lists.opensuse.org, text/html)
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: REDHAT RHSA-2014:0594 (web.archive.org, text/html; inactive link, not archived)
  • [security-announce] SUSE-SU-2014:0758-1: important: Security update for
    Tags: Mailing List, Third Party Advisory
    Link: SUSE SUSE-SU-2014:0758 (lists.opensuse.org, text/html)

Related QID Numbers

  • 900178 CBL-Mariner Linux Security Update for gnutls 3.6.14

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 7.0 | All | All | All
Hardware Device Info | F5 | Arx | - | All | All | All
Operating System | F5 | Arx Firmware | All | All | All | All
Application | Gnu | Gnutls | All | All | All | All
Application | Gnu | Libtasn1 | All | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 6.5 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 6.5 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All
Application | Redhat | Virtualization | 6.0 | All | All | All
Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All
Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All
Operating System | Suse | Linux Enterprise Server | 11 | sp1 | All | All
Operating System | Suse | Linux Enterprise Server | 11 | sp2 | All | All
Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All
Operating System | Suse | Linux Enterprise Software Development Kit | 11 | sp3 | All | All

  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*
  • cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*