Описание
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | gnutls | Will not fix | ||
| Red Hat Enterprise Linux 6 | mingw32-gnutls | Will not fix | ||
| Red Hat Enterprise Linux 5 | gnutls | Fixed | RHSA-2014:0594 | 03.06.2014 |
| Red Hat Enterprise Linux 6 | libtasn1 | Fixed | RHSA-2014:0596 | 03.06.2014 |
| Red Hat Enterprise Linux 7 | libtasn1 | Fixed | RHSA-2014:0687 | 10.06.2014 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | rhev-hypervisor6 | Fixed | RHSA-2014:0815 | 30.06.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not prop ...
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
EPSS
6.8 Medium
CVSS2