CVE-2014-3468

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls; Libtasn1
Vendor: CVE Published:; 5 June 2014

Summary

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

References

http://secunia.com/advisories/60320

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3056

vendor-advisoryx_refsource_DEBIAN

http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 5, 2014
Vulnerability Reserved
May 14, 2014