Denial of Service Vulnerability in GNU Libtasn1 by The Unix System Consortium
CVE-2014-3469

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls; Libtasn1
Vendor: CVE Published:; 5 June 2014

Summary

The asn1_read_value_type and asn1_read_value functions in GNU Libtasn1 versions prior to 3.6 are vulnerable to a denial of service. This vulnerability can be exploited by attackers to trigger a NULL pointer dereference when providing a NULL value in an ivalue argument, potentially leading to application crashes and service disruptions.

References

http://secunia.com/advisories/60320

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3056

vendor-advisoryx_refsource_DEBIAN

http://www.novell.com/support/kb/doc.php?id=7015302

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 5, 2014
Vulnerability Reserved
May 14, 2014