PT-2014-9101 · Gnu+5 · Libtasn1+5

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2014-3468

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libtasn1 versions prior to 3.6
libtasn1-devel versions 2.3 through 3.3
libtasn1-debuginfo versions 2.3 through 3.3
libtasn1-tools versions 2.3 through 3.3

Description

This entry covers multiple vulnerabilities in the libtasn1 package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The asn1_get_bit_der function in GNU Libtasn1 before version 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Recommendations

For libtasn1 versions prior to 3.6, update to version 3.6 or later to resolve the issue.
For libtasn1-devel versions 2.3 through 3.3, update to version 3.6 or later to resolve the issue.
For libtasn1-debuginfo versions 2.3 through 3.3, update to version 3.6 or later to resolve the issue.
For libtasn1-tools versions 2.3 through 3.3, update to version 3.6 or later to resolve the issue.

As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available.

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2314
ALT-PU-2017-1026
BDU:2015-04302
BDU:2015-04303
BDU:2015-04304
BDU:2015-04305
BDU:2015-06328
BDU:2015-06329
BDU:2015-06330
BDU:2015-06331
BDU:2015-06332
BDU:2015-06333
BDU:2015-06334
BDU:2015-06335
BDU:2015-09787
CESA-2014_0596
CVE-2014-3468
DLA-77-1
DSA-3056-1
MGASA-2014-0247
OPENSUSE-SU-2024:10414-1
RHSA-2014:0594
RHSA-2014:0596
RHSA-2014:0687
RHSA-2014:0815
RHSA-2014_0594
RHSA-2014_0596
RHSA-2014_0687
SUSE-SU-2015:0901-1
USN-2294-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Libtasn1