Out-of-Bounds Access Vulnerability in GNU Libtasn1 Affected by Incorrect Error Reporting
CVE-2014-3468
Currently unrated
Summary
The asn1_get_bit_der function in GNU Libtasn1 prior to version 3.6 fails to correctly handle a negative bit length when processing ASN.1 data. This oversight can lead to out-of-bounds access, allowing context-dependent attackers to exploit the vulnerability by submitting maliciously crafted ASN.1 data. This vulnerability highlights the importance of proper error handling in software libraries to mitigate potential security risks.
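One way a negative bit length can arise when decoding a DER BIT STRING, and the validation that rejects it, as an added example: this is a simplified model written for this page, not libtasn1's source. The function names, status codes and sample bytes are hypothetical, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example (not libtasn1's constants). */
enum { BS_OK = 0, BS_ERR_DER = -1, BS_ERR_MEM = -2 };

/* Decode a DER BIT STRING body with a short-form length. der points at the
 * length octet (tag already consumed). Copies the data octets to out. */
int bitstring_decode(const unsigned char *der, size_t der_len,
                     unsigned char *out, size_t out_size, long *bit_len)
{
    if (!der || !out || !bit_len || der_len < 2)
        return BS_ERR_DER;          /* need length octet + unused-bits octet */
    if (der[0] & 0x80)
        return BS_ERR_DER;          /* long-form lengths are out of scope here */
    size_t content_len = der[0];
    if (content_len < 1 || content_len > der_len - 1)
        return BS_ERR_DER;          /* content must fit inside the buffer */
    unsigned unused = der[1];       /* untrusted: any value 0..255 on the wire */
    size_t data_len = content_len - 1;
    /* data_len * 8 - unused must never go negative. DER allows at most 7
     * unused bits, and none at all when there are no data octets. */
    if (unused > 7 || (data_len == 0 && unused != 0))
        return BS_ERR_DER;
    if (data_len > out_size)
        return BS_ERR_MEM;          /* caller's buffer is too small */
    memcpy(out, der + 2, data_len);
    *bit_len = (long)(data_len * 8) - (long)unused;
    return BS_OK;
}

/* Returns the decoded bit length, or the negative status code on rejection. */
long bitstring_bits(const unsigned char *der, size_t der_len)
{
    unsigned char buf[16];
    long bits = 0;
    int rc = bitstring_decode(der, der_len, buf, sizeof buf, &bits);
    return rc == BS_OK ? bits : rc;
}

/* Constructed samples (not taken from any real certificate). */
const unsigned char SAMPLE_OK[]       = { 0x02, 0x04, 0xA0 }; /* 8 - 4 = 4 bits  */
const unsigned char SAMPLE_NEGATIVE[] = { 0x01, 0x07 };       /* 0 - 7 = -7 bits */
const unsigned char SAMPLE_TOO_MANY[] = { 0x02, 0x09, 0xFF }; /* 8 - 9 = -1 bit  */

int main(void)
{
    printf("%ld %ld %ld\n", bitstring_bits(SAMPLE_OK, sizeof SAMPLE_OK),
           bitstring_bits(SAMPLE_NEGATIVE, sizeof SAMPLE_NEGATIVE),
           bitstring_bits(SAMPLE_TOO_MANY, sizeof SAMPLE_TOO_MANY));
    return 0;
}
```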
EPSS Score
6% chance of being exploited in the next 30 days.