CVE-2014-3467

First published: Wed May 28 2014(Updated: )

Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. The libtasn1 library is used by the GnuTLS library to parse X.509 certificates. The gnutls packages in Red Hat Enterprise Linux 5 and earlier use bundled libtasn1, packages in Red Hat Enterprise Linux 6 and later depend on the library provided by a separate libtasn1 package. Upstream commits: <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e30d19edbbc3a962b2266029f3cc">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e30d19edbbc3a962b2266029f3cc</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=0e80d79db71747644394fe3472dad28cd3e7b00b">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=0e80d79db71747644394fe3472dad28cd3e7b00b</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=154909136c12cfa5c60732b7210827dfb1ec6aee">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=154909136c12cfa5c60732b7210827dfb1ec6aee</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=37a16434131c6ad8745b9accefec5cecb4cbb5b7">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=37a16434131c6ad8745b9accefec5cecb4cbb5b7</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=cc10a8c5443c751d920cfaca1f104089e43296be">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=cc10a8c5443c751d920cfaca1f104089e43296be</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6fee6745b1bd1a82f16ae9b607855a3e3ab39fc6">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6fee6745b1bd1a82f16ae9b607855a3e3ab39fc6</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=af0e8cd0bacf47ecce049165d3bc1ed9e861df1c">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=af0e8cd0bacf47ecce049165d3bc1ed9e861df1c</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=609d5c1366fb424f6150c4eed358d246e61cf204">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=609d5c1366fb424f6150c4eed358d246e61cf204</a> <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda445056ca9a7533bae258acd3ecb">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda445056ca9a7533bae258acd3ecb</a>

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/remedy
• agent/first-publish-date
• agent/severity
• agent/author
• agent/description
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-3467
• agent/software-canonical-lookup
• agent/tags
• agent/event
• agent/trending
• vendor/gnu
• canonical/gnu gnutls
• canonical/gnu libtasn1
• vendor/redhat
• canonical/redhat virtualization
• version/redhat virtualization/6.0
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/7.0
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/5.0
• version/redhat enterprise linux desktop/6.0
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux eus
• version/redhat enterprise linux eus/6.5
• version/redhat enterprise linux eus/7.3
• version/redhat enterprise linux eus/7.4
• version/redhat enterprise linux eus/7.5
• version/redhat enterprise linux eus/7.6
• version/redhat enterprise linux eus/7.7
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/5.0
• version/redhat enterprise linux server/6.0
• version/redhat enterprise linux server/7.0
• canonical/redhat enterprise linux server aus
• version/redhat enterprise linux server aus/6.5
• version/redhat enterprise linux server aus/7.3
• version/redhat enterprise linux server aus/7.4
• version/redhat enterprise linux server aus/7.6
• version/redhat enterprise linux server aus/7.7
• canonical/redhat enterprise linux server tus
• version/redhat enterprise linux server tus/6.5
• version/redhat enterprise linux server tus/7.3
• version/redhat enterprise linux server tus/7.6
• version/redhat enterprise linux server tus/7.7
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/5.0
• version/redhat enterprise linux workstation/6.0
• version/redhat enterprise linux workstation/7.0
• vendor/suse
• canonical/suse linux enterprise desktop
• version/suse linux enterprise desktop/11-sp3
• canonical/suse linux enterprise high availability extension
• version/suse linux enterprise high availability extension/11-sp3
• canonical/suse linux enterprise server
• version/suse linux enterprise server/11-sp1
• version/suse linux enterprise server/11-sp2
• version/suse linux enterprise server/11-sp3
• canonical/suse linux enterprise software development kit
• version/suse linux enterprise software development kit/11-sp3
• vendor/f5
• canonical/f5 arx firmware
• version/f5 arx firmware/6.0.0
• version/f5 arx firmware/6.4.0
• canonical/f5 arx
• package-manager/redhat