Out-of-Bounds Access Vulnerability in GNU Libtasn1 Affected by Incorrect Error Reporting
CVE-2014-3468

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls; Libtasn1
Vendor: CVE Published:; 5 June 2014

Summary

The asn1_get_bit_der function in GNU Libtasn1 prior to version 3.6 fails to correctly handle a negative bit length when processing ASN.1 data. This oversight can lead to out-of-bounds access, allowing context-dependent attackers to exploit the vulnerability by submitting maliciously crafted ASN.1 data. This vulnerability highlights the importance of proper error handling in software libraries to mitigate potential security risks.

References

http://secunia.com/advisories/60320

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3056

vendor-advisoryx_refsource_DEBIAN

http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 5, 2014
Vulnerability Reserved
May 14, 2014