Vulnerability in F5 Arx

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

EPSS: 0.098 (93.1th percentile) — read the EPSS interpretation.

Affected products

F5 Arx
F5 Arx_firmware
Gnu Gnutls
Gnu Libtasn1
Debian Debian_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 5.0, 6.0, 7.0
Redhat Enterprise_linux_eus — versions 6.5, 7.3, 7.4
Redhat Enterprise_linux_server — versions 5.0, 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 6.5, 7.3, 7.4
Redhat Enterprise_linux_server_tus — versions 6.5, 7.3, 7.6

Weakness classification (CWE)

CWE-131 — Incorrect Calculation of Buffer Size

References

60320 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
DSA-3056 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
59057 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
SUSE-SU-2014:0758 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
MDVSA-2015:116 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
59021 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)