Your submission was sent successfully! Close

CVE-2014-3468

Published: 5 June 2014

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Priority

Medium

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
lucid
Released (2.4-1ubuntu0.2)
precise
Released (2.10-1ubuntu1.2)
saucy Ignored
(reached end-of-life)
trusty Does not exist

upstream Needs triage

libtasn1-6
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

saucy Ignored
(reached end-of-life)
trusty
Released (3.4-3ubuntu0.1)
upstream
Released (3.6)