Out-of-Bounds Access Vulnerability in GNU Libtasn1 Affected by Incorrect Error Reporting
CVE-2014-3468

Currently unrated

Key Information:

Vendor
GNU
CVE Published:
5 June 2014

Summary

The asn1_get_bit_der function in GNU Libtasn1 prior to version 3.6 fails to correctly handle a negative bit length when processing ASN.1 data. This oversight can lead to out-of-bounds access, which context-dependent attackers can trigger by submitting maliciously crafted ASN.1 data. The vulnerability highlights the importance of proper error handling in software libraries to mitigate potential security risks.
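
An added example, not libtasn1's source or code from this advisory: a minimal DER BIT STRING content decoder in C that returns an error for inputs whose bit length would be negative, instead of reporting success. It assumes the bit length is computed as the number of data octets times 8 minus the unused-bits octet; the function name, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes for this example, not libtasn1's constants. */
enum { BITSTR_MALFORMED = -1, BITSTR_NO_SPACE = -2 };

/* Constructed content octets (the bytes that follow tag and length). */
static const unsigned char SAMPLE_OK[]    = { 0x04, 0xA0 }; /* 4 bits: 1010 */
static const unsigned char SAMPLE_EMPTY[] = { 0x00 };       /* 0 bits */
static const unsigned char SAMPLE_NEG[]   = { 0x05 };       /* 0*8 - 5 < 0 */
static const unsigned char SAMPLE_RANGE[] = { 0x09, 0xFF }; /* unused > 7 */
static unsigned char out_buf[8];

/* Copies the bit data into out and returns the bit count, or a negative
 * error code. content[0] is the unused-bits octet. */
long bitstr_decode(const unsigned char *content, size_t content_len,
                   unsigned char *out, size_t out_size)
{
    if (content == NULL || out == NULL || content_len == 0)
        return BITSTR_MALFORMED;        /* unused-bits octet is mandatory */

    size_t data_len = content_len - 1;
    unsigned unused = content[0];

    if (unused > 7)                     /* X.690 permits only 0..7 */
        return BITSTR_MALFORMED;
    if (data_len == 0 && unused != 0)   /* bit count would be negative */
        return BITSTR_MALFORMED;
    if (data_len > out_size)
        return BITSTR_NO_SPACE;
    /* DER: the unused trailing bits of the last octet must be zero. */
    if (data_len > 0 && (content[data_len] & ((1u << unused) - 1u)) != 0)
        return BITSTR_MALFORMED;

    memcpy(out, content + 1, data_len);
    return (long)(data_len * 8 - unused);
}

int main(void)
{
    printf("ok=%ld empty=%ld negative=%ld range=%ld\n",
           bitstr_decode(SAMPLE_OK, sizeof SAMPLE_OK, out_buf, sizeof out_buf),
           bitstr_decode(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY, out_buf, sizeof out_buf),
           bitstr_decode(SAMPLE_NEG, sizeof SAMPLE_NEG, out_buf, sizeof out_buf),
           bitstr_decode(SAMPLE_RANGE, sizeof SAMPLE_RANGE, out_buf, sizeof out_buf));
    return 0;
}
```

Callers should treat any negative return value as a parse failure and must not use the output buffer or a length derived from it.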

EPSS Score

6% chance of being exploited in the next 30 days.
