ID CVE-2014-3469
Summary The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:0.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libtasn1:3.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1102329
    title CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment gnutls is earlier than 0:1.4.1-16.el5_10
          oval oval:com.redhat.rhsa:tst:20140594002
        • comment gnutls is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319003
      • AND
        • comment gnutls-devel is earlier than 0:1.4.1-16.el5_10
          oval oval:com.redhat.rhsa:tst:20140594006
        • comment gnutls-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319005
      • AND
        • comment gnutls-utils is earlier than 0:1.4.1-16.el5_10
          oval oval:com.redhat.rhsa:tst:20140594004
        • comment gnutls-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319007
    rhsa
    id RHSA-2014:0594
    released 2014-06-03
    severity Important
    title RHSA-2014:0594: gnutls security update (Important)
  • bugzilla
    id 1102329
    title CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libtasn1 is earlier than 0:2.3-6.el6_5
          oval oval:com.redhat.rhsa:tst:20140596005
        • comment libtasn1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427006
      • AND
        • comment libtasn1-devel is earlier than 0:2.3-6.el6_5
          oval oval:com.redhat.rhsa:tst:20140596007
        • comment libtasn1-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427010
      • AND
        • comment libtasn1-tools is earlier than 0:2.3-6.el6_5
          oval oval:com.redhat.rhsa:tst:20140596009
        • comment libtasn1-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427008
    rhsa
    id RHSA-2014:0596
    released 2014-06-03
    severity Moderate
    title RHSA-2014:0596: libtasn1 security update (Moderate)
  • bugzilla
    id 1102329
    title CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment libtasn1 is earlier than 0:3.3-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140687005
        • comment libtasn1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427006
      • AND
        • comment libtasn1-devel is earlier than 0:3.3-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140687009
        • comment libtasn1-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427010
      • AND
        • comment libtasn1-tools is earlier than 0:3.3-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140687007
        • comment libtasn1-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427008
    rhsa
    id RHSA-2014:0687
    released 2014-06-10
    severity Moderate
    title RHSA-2014:0687: libtasn1 security update (Moderate)
  • rhsa
    id RHSA-2014:0815
rpms
  • gnutls-0:1.4.1-16.el5_10
  • gnutls-devel-0:1.4.1-16.el5_10
  • gnutls-utils-0:1.4.1-16.el5_10
  • libtasn1-0:2.3-6.el6_5
  • libtasn1-devel-0:2.3-6.el6_5
  • libtasn1-tools-0:2.3-6.el6_5
  • libtasn1-0:3.3-5.el7_0
  • libtasn1-devel-0:3.3-5.el7_0
  • libtasn1-tools-0:3.3-5.el7_0
refmap via4
confirm
debian DSA-3056
mandriva MDVSA-2015:116
mlist [help-libtasn1] 20140525 GNU Libtasn1 3.6 released
secunia
  • 58591
  • 58614
  • 59021
  • 59057
  • 59408
  • 60320
  • 60415
  • 61888
suse
  • SUSE-SU-2014:0758
  • SUSE-SU-2014:0788
Last major update 22-04-2019 - 17:48
Published 05-06-2014 - 20:55