CVE-2014-3467

CWE-125Out-of-bounds Read12 documents8 sources
Severity
5.0MEDIUM
EPSS
6.8%
top 8.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
GNU GnutlsGNU Libtasn1F5 ARX Firmware+12 more
Timeline
PublishedJun 5
Latest updateMay 13

Description

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages13 packages

NVDgnu/gnutls< 3.5.7
NVDgnu/libtasn1< 3.6
Debianlibtasn1-6< 3.6-1+3
Ubuntulibtasn1-6< 3.4-3ubuntu0.1
NVDf5/arx_firmware6.0.06.4.0

Also affects: Debian Linux 7.0, Enterprise Linux 6.5, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: lists.gnu.orgPatch: bugzilla.redhat.comPatch: lists.gnu.org

🔴Vulnerability Details

4
GHSA
GHSA-pfh9-rfxw-j6x2: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 32022-05-13
OSV
libtasn1-3, libtasn1-6 vulnerabilities2014-07-22
CVEList
CVE-2014-3467: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 32014-06-05
OSV
CVE-2014-3467: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 32014-06-05

📋Vendor Advisories

3
Ubuntu
Libtasn1 vulnerabilities2014-07-22
Red Hat
libtasn1: multiple boundary check issues2014-05-25
Debian
CVE-2014-3467: libtasn1-6 - Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3...2014

💬Community

4
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 libtasn1: various flaws [fedora-all]2014-05-30
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 mingw32-gnutls: various flaws [epel-5]2014-05-30
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 mingw-libtasn1: various flaws [fedora-all]2014-05-30
Bugzilla
CVE-2014-3467 libtasn1: multiple boundary check issues2014-05-28