Summary
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could exploit them to cause a denial of service via out-of-bounds access or NULL pointer dereference.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 2.13-2+deb7u1.
We recommend that you upgrade your libtasn1-3 packages.
Insight
Manage ASN1 (Abstract Syntax Notation One) structures.
The main features of this library are:
* on-line ASN1 structure management that doesn't require any C code file generation.
* off-line ASN1 structure management with C code file generation containing an array.
* DER (Distinguished Encoding Rules) encoding
* no limits for INTEGER and ENUMERATED values
Affected
libtasn1-3 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P