Out-of-Bounds Access Vulnerability in GNU Libtasn1 Affected by Incorrect Error Reporting
CVE-2014-3468

Currently unrated

Key Information:

Vendor

Gnu
Status
Gnutls
Libtasn1
Vendor
CVE Published:
5 June 2014

What is CVE-2014-3468?

The asn1_get_bit_der function in GNU Libtasn1 prior to version 3.6 fails to correctly handle a negative bit length when processing ASN.1 data. This oversight can lead to out-of-bounds access, allowing context-dependent attackers to exploit the vulnerability by submitting maliciously crafted ASN.1 data. This vulnerability highlights the importance of proper error handling in software libraries to mitigate potential security risks.

References

http://secunia.com/advisories/60320
third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3056
vendor-advisoryx_refsource_DEBIAN
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=...
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-3468 : Out-of-Bounds Access Vulnerability in GNU Libtasn1 Affected by Incorrect Error Reporting