CVE-2014-3468: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows…

high7.5CVSS 3.1

AVNACLAuNCPIPAP

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	libtasn1-6	< libtasn1-6 3.6-1 (bookworm)	libtasn1-6 3.6-1 (bookworm)
f5	arx_firmware	6.0.0 – 6.4.0	—
gnu	gnutls	< 3.5.7	3.5.7
gnu	libtasn1	< 3.6	3.6
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P

osv7.5HIGH