CVE-2014-3468
Description
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
10.744
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Library to manage ASN.1 structures (USN-2294-1) libtasn1-6_3.4-3ubuntu0.3_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2294-1) libtasn1-6_3.4-3ubuntu0.3_amd64.deb | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-2.3-6.el6_5.i686.rpm | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-2.3-6.el6_5.x86_64.rpm | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-devel-2.3-6.el6_5.i686.rpm | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-devel-2.3-6.el6_5.x86_64.rpm | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-tools-2.3-6.el6_5.i686.rpm | Linux |
| Libtasn1 update (CESA-2014:0596) libtasn1-tools-2.3-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-1.4.1-16.el5_10.i386.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-1.4.1-16.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-devel-1.4.1-16.el5_10.i386.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-devel-1.4.1-16.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-utils-1.4.1-16.el5_10.i386.rpm | Linux |
| (RHSA-2014:0594) Important: gnutls security update gnutls-utils-1.4.1-16.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-2.3-6.el6_5.i686.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-2.3-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-devel-2.3-6.el6_5.i686.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-devel-2.3-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-tools-2.3-6.el6_5.i686.rpm | Linux |
| (RHSA-2014:0596) Moderate: libtasn1 security update libtasn1-tools-2.3-6.el6_5.x86_64.rpm | Linux |
| Incorrect Calculation of Buffer Size Vulnerability (CVE-2014-3468) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234