CVE-2014-3469

Name of the Vulnerable Software and Affected Versions libtasn1 versions prior to 3.6 libtasn1-devel versions 2.3 through 3.3 libtasn1-debuginfo versions 2.3 through 3.3 libtasn1-tools versions 2.3 through 3.3

Description Multiple vulnerabilities in the libtasn1 package can lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely, allowing context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. The asn1 read value type and asn1 read value functions are specifically affected.

Recommendations For libtasn1 versions prior to 3.6, update to version 3.6 or later to resolve the issue. For libtasn1-devel versions 2.3 through 3.3, update to a version outside of this range to mitigate the risk. For libtasn1-debuginfo versions 2.3 through 3.3, update to a version outside of this range to mitigate the risk. For libtasn1-tools versions 2.3 through 3.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable functions asn1 read value type and asn1 read value until a patch is available.