{"id":"MGASA-2014-0247","summary":"Updated libtasn1 packages fix CVE-2014-3467-9","details":"Updated libtasn1 packages fix security vulnerabilities:\n\nMultiple buffer boundary check issues were discovered in libtasn1 library,\ncausing it to read beyond the boundary of an allocated buffer.  An untrusted\nASN.1 input could cause an application using the library to crash\n(CVE-2014-3467).\n\nIt was discovered that libtasn1 library function asn1_get_bit_der() could\nincorrectly report negative bit length of the value read from ASN.1 input.\nThis could possibly lead to an out of bounds access in an application using\nlibtasn1, for example in case if application tried to terminate read value\nwith NUL byte (CVE-2014-3468).\n\nA NULL pointer dereference flaw was found in libtasn1's\nasn1_read_value_type() / asn1_read_value() function. If an application\ncalled the function with a NULL value for an ivalue argument to determine\nthe amount of memory needed to store data to be read from the ASN.1 input,\nlibtasn1 could incorrectly attempt to dereference the NULL pointer, causing\nan application using the library to crash (CVE-2014-3469).\n","modified":"2026-04-16T00:09:05.867628067Z","published":"2014-06-02T18:44:30Z","upstream":["CVE-2014-3467","CVE-2014-3468","CVE-2014-3469"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0247.html"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3467"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3468"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3469"},{"type":"WEB","url":"http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13456"}],"affected":[{"package":{"name":"libtasn1","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libtasn1?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0247.json"}},{"package":{"name":"libtasn1","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libtasn1?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0247.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}