CVE-2014-3468
CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0247.htmlhttp://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923fhttp://linux.oracle.com/errata/ELSA-2014-0594.htmlhttp://linux.oracle.com/errata/ELSA-2014-0596.htmlhttp://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0594.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0596.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0687.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0815.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1102323