PT-2014-9100 · Gnu+5 · Gnu Libtasn1+5

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2014-3467

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GNU Libtasn1 versions prior to 3.6

Description

The issue is related to multiple unspecified vulnerabilities in the DER decoder of GNU Libtasn1, which can be exploited by remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. These vulnerabilities can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely.

Recommendations

For GNU Libtasn1 versions prior to 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the DER decoder function to minimize the risk of exploitation. Avoid using crafted ASN.1 data in the affected API endpoints until the issue is resolved.


Related identifiers

ALT-PU-2014-2314
ALT-PU-2017-1026
BDU:2015-04302
BDU:2015-04303
BDU:2015-04304
BDU:2015-04305
BDU:2015-06328
BDU:2015-06329
BDU:2015-06330
BDU:2015-06331
BDU:2015-06332
BDU:2015-06333
BDU:2015-06334
BDU:2015-06335
BDU:2015-09787
CESA-2014_0596
CVE-2014-3467
DLA-77-1
DSA-3056-1
MGASA-2014-0247
OPENSUSE-SU-2024:10414-1
RHSA-2014:0594
RHSA-2014:0596
RHSA-2014:0687
RHSA-2014:0815
RHSA-2014_0594
RHSA-2014_0596
RHSA-2014_0687
SUSE-SU-2014_0931-1
SUSE-SU-2015:0901-1
USN-2294-1

Affected products

Alt Linux
CentOS
GNU Libtasn1
Red Hat
SUSE
Ubuntu