7.5

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version < 3.5.7
GnuLibtasn1 Version < 3.6
RedhatVirtualization Version6.0
DebianDebian Linux Version7.0
RedhatEnterprise Linux Eus Version6.5
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp1 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
DebianDebian Linux Version7.0
F5Arx Firmware Version >= 6.0.0 <= 6.4.0
   F5Arx Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.79% 0.886
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://linux.oracle.com/errata/ELSA-2014-0596.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0594.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0594.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0815.html
Third Party Advisory
http://secunia.com/advisories/59021
Third Party Advisory
http://secunia.com/advisories/59057
Third Party Advisory
http://secunia.com/advisories/59408
Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015302
Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015303
Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0247.html
Third Party Advisory
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
Patch
Vendor Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0596.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0687.html
Third Party Advisory
http://secunia.com/advisories/58591
Third Party Advisory
http://secunia.com/advisories/58614
Third Party Advisory
http://secunia.com/advisories/60320
Third Party Advisory
http://secunia.com/advisories/60415
Third Party Advisory
http://secunia.com/advisories/61888
Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-3056
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
Third Party Advisory
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1102323
Third Party Advisory
Issue Tracking