usn-2294-1
Vulnerability from osv_ubuntu
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467)
It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3468)
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3469)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-3467",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-3468",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-3469",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtasn1-3-bin",
"binary_version": "3.4-3ubuntu0.1"
},
{
"binary_name": "libtasn1-6",
"binary_version": "3.4-3ubuntu0.1"
},
{
"binary_name": "libtasn1-bin",
"binary_version": "3.4-3ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "libtasn1-6",
"purl": "pkg:deb/ubuntu/libtasn1-6@3.4-3ubuntu0.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4-3ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.3-2",
"3.4-2",
"3.4-3"
]
}
],
"aliases": [],
"details": "It was discovered that Libtasn1 incorrectly handled certain ASN.1 data\nstructures. An attacker could exploit this with specially crafted ASN.1\ndata and cause applications using Libtasn1 to crash, resulting in a denial\nof service. (CVE-2014-3467)\n\nIt was discovered that Libtasn1 incorrectly handled negative bit lengths.\nAn attacker could exploit this with specially crafted ASN.1 data and cause\napplications using Libtasn1 to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2014-3468)\n\nIt was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An\nattacker could exploit this with specially crafted ASN.1 data and cause\napplications using Libtasn1 to crash, resulting in a denial of service.\n(CVE-2014-3469)\n",
"id": "USN-2294-1",
"modified": "2026-04-22T07:36:31Z",
"published": "2014-07-22T16:55:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2294-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3467"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3468"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3469"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "libtasn1-3, libtasn1-6 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2014-3467",
"UBUNTU-CVE-2014-3468",
"UBUNTU-CVE-2014-3469"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.