CVE-2014-3468

Published: 05 June 2014

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Priority

Medium

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libtasn1-6
Launchpad, Ubuntu, Debian
Upstream
Released (3.6)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.4-3ubuntu0.1)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f