Vulnerability in F5 Arx

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

EPSS: 0.071 (91.7th percentile) — read the EPSS interpretation.

Affected products

F5 Arx
F5 Arx_firmware
Gnu Gnutls
Gnu Libtasn1
Debian Debian_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 5.0, 6.0, 7.0
Redhat Enterprise_linux_eus — versions 6.5, 7.3, 7.4
Redhat Enterprise_linux_server — versions 5.0, 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 6.5, 7.3, 7.4
Redhat Enterprise_linux_server_tus — versions 6.5, 7.3, 7.6

References

60320 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
DSA-3056 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
59057 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
SUSE-SU-2014:0758 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
MDVSA-2015:116 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
59021 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
61888 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)