CVE-2014-3467 — MEDIUM (5.0)

Q: What is CVE-2014-3467?

CVE-2014-3467 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Q: How severe is CVE-2014-3467?

CVE-2014-3467 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3467?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls, Gnu Libtasn1, Redhat Virtualization, Debian Debian Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gnu	Gnutls	< 3.5.7
Gnu	Libtasn1	< 3.6
Redhat	Virtualization	6.0
Debian	Debian Linux	7.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.5
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	6.5
Redhat	Enterprise Linux Workstation	5.0
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise High Availability Extension	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
F5	Arx Firmware	>= 6.0.0, <= 6.4.0
F5	Arx	-

References

http://advisories.mageia.org/MGASA-2014-0247.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0594.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0596.htmlThird Party Advisory
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0594.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0596.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0687.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0815.htmlThird Party Advisory
http://secunia.com/advisories/58591Third Party Advisory
http://secunia.com/advisories/58614Third Party Advisory
http://secunia.com/advisories/59021Third Party Advisory
http://secunia.com/advisories/59057Third Party Advisory
http://secunia.com/advisories/59408Third Party Advisory

FAQ

What is CVE-2014-3467?

CVE-2014-3467 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

How severe is CVE-2014-3467?

CVE-2014-3467 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3467?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls, Gnu Libtasn1, Redhat Virtualization, Debian Debian Linux, Redhat Enterprise Linux Desktop.