CVE-2014-3467

medium

Description

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

References

http://advisories.mageia.org/MGASA-2014-0247.html

http://linux.oracle.com/errata/ELSA-2014-0594.html

http://linux.oracle.com/errata/ELSA-2014-0596.html

http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html

http://rhn.redhat.com/errata/RHSA-2014-0594.html

http://rhn.redhat.com/errata/RHSA-2014-0596.html

http://rhn.redhat.com/errata/RHSA-2014-0687.html

http://rhn.redhat.com/errata/RHSA-2014-0815.html

http://secunia.com/advisories/58591

http://secunia.com/advisories/58614

http://secunia.com/advisories/59021

http://secunia.com/advisories/59057

http://secunia.com/advisories/59408

http://secunia.com/advisories/60320

http://secunia.com/advisories/60415

http://secunia.com/advisories/61888

http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html

http://www.debian.org/security/2014/dsa-3056

http://www.mandriva.com/security/advisories?name=MDVSA-2015:116

http://www.novell.com/support/kb/doc.php?id=7015302

http://www.novell.com/support/kb/doc.php?id=7015303

https://bugzilla.redhat.com/show_bug.cgi?id=1102022

Details

Source: MITRE

Published: 2014-06-05

Updated: 2020-11-16

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82369 | Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:116) | Nessus | Mandriva Local Security Checks | medium |
| 82222 | Debian DLA-77-1 : libtasn1-3 security update | Nessus | Debian Local Security Checks | medium |
| 80632 | Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls) | Nessus | Solaris Local Security Checks | medium |
| 79108 | RHEL 6 : rhev-hypervisor6 (RHSA-2014:0815) | Nessus | Red Hat Local Security Checks | medium |
| 78681 | Debian DSA-3056-1 : libtasn1-3 - security update | Nessus | Debian Local Security Checks | medium |
| 78302 | Amazon Linux AMI : libtasn1 (ALAS-2014-359) | Nessus | Amazon Linux Local Security Checks | medium |
| 77453 | GLSA-201408-09 : GNU Libtasn1: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 76896 | RHEL 7 : libtasn1 (RHSA-2014:0687) | Nessus | Red Hat Local Security Checks | medium |
| 76755 | SuSE 11.3 Security Update : libtasn1 (SAT Patch Number 9528) | Nessus | SuSE Local Security Checks | medium |
| 76734 | Oracle Linux 7 : libtasn1 (ELSA-2014-0687) | Nessus | Oracle Linux Local Security Checks | medium |
| 76704 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : libtasn1-3, libtasn1-6 vulnerabilities (USN-2294-1) | Nessus | Ubuntu Local Security Checks | medium |
| 74416 | Mandriva Linux Security Advisory : libtasn1 (MDVSA-2014:107) | Nessus | Mandriva Local Security Checks | medium |
| 74407 | Fedora 19 : libtasn1-3.6-1.fc19 (2014-6919) | Nessus | Fedora Local Security Checks | medium |
| 74330 | Slackware 14.0 / 14.1 / current : libtasn1 (SSA:2014-156-02) | Nessus | Slackware Local Security Checks | medium |
| 74329 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01) | Nessus | Slackware Local Security Checks | medium |
| 74321 | SuSE 11.3 Security Update : gnutls (SAT Patch Number 9320) | Nessus | SuSE Local Security Checks | medium |
| 74317 | Fedora 20 : libtasn1-3.6-1.fc20 (2014-6895) | Nessus | Fedora Local Security Checks | medium |
| 74311 | CentOS 6 : libtasn1 (CESA-2014:0596) | Nessus | CentOS Local Security Checks | medium |
| 74309 | CentOS 5 : gnutls (CESA-2014:0594) | Nessus | CentOS Local Security Checks | medium |
| 74307 | Scientific Linux Security Update : libtasn1 on SL6.x i386/x86_64 (20140603) | Nessus | Scientific Linux Local Security Checks | medium |
| 74305 | Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20140603) | Nessus | Scientific Linux Local Security Checks | medium |
| 74303 | RHEL 6 : libtasn1 (RHSA-2014:0596) | Nessus | Red Hat Local Security Checks | medium |
| 74301 | RHEL 5 : gnutls (RHSA-2014:0594) | Nessus | Red Hat Local Security Checks | medium |
| 74298 | Oracle Linux 6 : libtasn1 (ELSA-2014-0596) | Nessus | Oracle Linux Local Security Checks | medium |
| 74296 | Oracle Linux 5 : gnutls (ELSA-2014-0594) | Nessus | Oracle Linux Local Security Checks | medium |