5

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Data is provided by the National Vulnerability Database (NVD)
GnuGnutls Version < 3.5.7
GnuLibtasn1 Version < 3.6
RedhatVirtualization Version6.0
DebianDebian Linux Version7.0
RedhatEnterprise Linux Eus Version6.5
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp1 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.68% 0.889
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://bugzilla.redhat.com/show_bug.cgi?id=1102329
Third Party Advisory
Issue Tracking