CVE-2014-3469

CWE-476NULL Pointer Dereference12 documents8 sources
Severity
5.0MEDIUM
EPSS
8.7%
top 7.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
GNU GnutlsGNU Libtasn1Debian Debian Linux+11 more
Timeline
PublishedJun 5
Latest updateMay 13

Description

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages11 packages

NVDgnu/libtasn1< 3.6
Debianlibtasn1-6< 3.6-1+3
NVDgnu/gnutls< 3.5.7

Also affects: Debian Linux 7.0, Enterprise Linux 6.5, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

4
GHSA
GHSA-52vj-cjhg-wpwv: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 32022-05-13
OSV
libtasn1-3, libtasn1-6 vulnerabilities2014-07-22
CVEList
CVE-2014-3469: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 32014-06-05
OSV
CVE-2014-3469: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 32014-06-05

📋Vendor Advisories

3
Ubuntu
Libtasn1 vulnerabilities2014-07-22
Red Hat
libtasn1: asn1_read_value_type() NULL pointer dereference2014-05-25
Debian
CVE-2014-3469: libtasn1-6 - The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 b...2014

💬Community

4
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 libtasn1: various flaws [fedora-all]2014-05-30
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 mingw32-gnutls: various flaws [epel-5]2014-05-30
Bugzilla
CVE-2014-3467 CVE-2014-3469 CVE-2014-3468 mingw-libtasn1: various flaws [fedora-all]2014-05-30
Bugzilla
CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference2014-05-28
CVE-2014-3469 (MEDIUM CVSS 5) | The (1) asn1_read_value_type and (2 | cvebase.io