CVE-2014-3468

First published: Wed May 28 2014(Updated: )

It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. The following upstream commit corrects the issue and causes the function to report error rather than return negative length value: <a href="http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f">http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f</a>

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/remedy
• agent/references
• agent/first-publish-date
• agent/weakness
• agent/severity
• agent/author
• agent/description
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-3468
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/tags
• agent/event
• vendor/gnu
• canonical/gnu gnutls
• canonical/gnu libtasn1
• vendor/redhat
• canonical/redhat virtualization
• version/redhat virtualization/6.0
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/7.0
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/5.0
• version/redhat enterprise linux desktop/6.0
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux eus
• version/redhat enterprise linux eus/6.5
• version/redhat enterprise linux eus/7.3
• version/redhat enterprise linux eus/7.4
• version/redhat enterprise linux eus/7.5
• version/redhat enterprise linux eus/7.6
• version/redhat enterprise linux eus/7.7
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/5.0
• version/redhat enterprise linux server/6.0
• version/redhat enterprise linux server/7.0
• canonical/redhat enterprise linux server aus
• version/redhat enterprise linux server aus/6.5
• version/redhat enterprise linux server aus/7.3
• version/redhat enterprise linux server aus/7.4
• version/redhat enterprise linux server aus/7.6
• version/redhat enterprise linux server aus/7.7
• canonical/redhat enterprise linux server tus
• version/redhat enterprise linux server tus/6.5
• version/redhat enterprise linux server tus/7.3
• version/redhat enterprise linux server tus/7.6
• version/redhat enterprise linux server tus/7.7
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/5.0
• version/redhat enterprise linux workstation/6.0
• version/redhat enterprise linux workstation/7.0
• vendor/suse
• canonical/suse linux enterprise desktop
• version/suse linux enterprise desktop/11-sp3
• canonical/suse linux enterprise high availability extension
• version/suse linux enterprise high availability extension/11-sp3
• canonical/suse linux enterprise server
• version/suse linux enterprise server/11-sp1
• version/suse linux enterprise server/11-sp2
• version/suse linux enterprise server/11-sp3
• canonical/suse linux enterprise software development kit
• version/suse linux enterprise software development kit/11-sp3
• vendor/f5
• canonical/f5 arx firmware
• version/f5 arx firmware/6.0.0
• version/f5 arx firmware/6.4.0
• canonical/f5 arx
• package-manager/redhat