CVE-2014-3469 — MEDIUM (5.0)

Q: How severe is CVE-2014-3469?

CVE-2014-3469 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3469?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls, Gnu Libtasn1, Redhat Virtualization, Debian Debian Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gnu	Gnutls	< 3.5.7
Gnu	Libtasn1	< 3.6
Redhat	Virtualization	6.0
Debian	Debian Linux	7.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.5
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	6.5
Redhat	Enterprise Linux Workstation	5.0
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise High Availability Extension	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11

Related Weaknesses (CWE)

CWE-476

References

http://advisories.mageia.org/MGASA-2014-0247.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0594.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0596.htmlThird Party Advisory
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0594.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0596.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0687.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0815.htmlThird Party Advisory
http://secunia.com/advisories/58591Third Party Advisory
http://secunia.com/advisories/58614Third Party Advisory
http://secunia.com/advisories/59021Third Party Advisory
http://secunia.com/advisories/59057Third Party Advisory
http://secunia.com/advisories/59408Third Party Advisory

FAQ

What is CVE-2014-3469?

CVE-2014-3469 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NUL...

How severe is CVE-2014-3469?

CVE-2014-3469 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3469?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls, Gnu Libtasn1, Redhat Virtualization, Debian Debian Linux, Redhat Enterprise Linux Desktop.