CVE-2014-3469

Name: CVE-2014-3469
Creator: NVD / NIST
Published: 2014-06-05T20:55:06.347+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.82%

Last modified Jun 17, 2026

CVE-2014-3469 is a vulnerability of currently unknown severity. The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.. EPSS estimates a 3.82% chance of exploitation in the next 30 days.

Description

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Metrics

EPSS Probability

3.82%

88.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions	Update
Gnu	Gnutls	< 3.5.7	—
Gnu	Libtasn1	< 3.6	—
Redhat	Virtualization	6.0	—
Debian	Debian Linux	7.0	—
Redhat	Enterprise Linux Desktop	5.0	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Eus	6.5	—
Redhat	Enterprise Linux Eus	7.3	—
Redhat	Enterprise Linux Eus	7.4	—
Redhat	Enterprise Linux Eus	7.5	—
Redhat	Enterprise Linux Eus	7.6	—
Redhat	Enterprise Linux Eus	7.7	—
Redhat	Enterprise Linux Server	5.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Aus	6.5	—
Redhat	Enterprise Linux Server Aus	7.3	—
Redhat	Enterprise Linux Server Aus	7.4	—
Redhat	Enterprise Linux Server Aus	7.6	—
Redhat	Enterprise Linux Server Aus	7.7	—
Redhat	Enterprise Linux Server Tus	6.5	—
Redhat	Enterprise Linux Server Tus	7.3	—
Redhat	Enterprise Linux Server Tus	7.6	—
Redhat	Enterprise Linux Server Tus	7.7	—
Redhat	Enterprise Linux Workstation	5.0	—
Redhat	Enterprise Linux Workstation	6.0	—
Redhat	Enterprise Linux Workstation	7.0	—
Suse	Linux Enterprise Desktop	11	Sp3
Suse	Linux Enterprise High Availability Extension	11	Sp3
Suse	Linux Enterprise Server	11	Sp1
Suse	Linux Enterprise Software Development Kit	11	Sp3

References

http://advisories.mageia.org/MGASA-2014-0247.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0594.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0596.htmlThird Party Advisory
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0594.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0596.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0687.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0815.htmlThird Party Advisory
http://secunia.com/advisories/58591Third Party Advisory
http://secunia.com/advisories/58614Third Party Advisory
http://secunia.com/advisories/59021Third Party Advisory
http://secunia.com/advisories/59057Third Party Advisory
http://secunia.com/advisories/59408Third Party Advisory
http://secunia.com/advisories/60320Third Party Advisory
http://secunia.com/advisories/60415Third Party Advisory
http://secunia.com/advisories/61888Third Party Advisory
http://www.debian.org/security/2014/dsa-3056Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015302Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015303Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1102329Issue Tracking, Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0247.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0594.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0596.htmlThird Party Advisory
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0594.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0596.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0687.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0815.htmlThird Party Advisory
http://secunia.com/advisories/58591Third Party Advisory
http://secunia.com/advisories/58614Third Party Advisory
http://secunia.com/advisories/59021Third Party Advisory
http://secunia.com/advisories/59057Third Party Advisory
http://secunia.com/advisories/59408Third Party Advisory
http://secunia.com/advisories/60320Third Party Advisory
http://secunia.com/advisories/60415Third Party Advisory
http://secunia.com/advisories/61888Third Party Advisory
http://www.debian.org/security/2014/dsa-3056Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015302Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015303Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1102329Issue Tracking, Third Party Advisory

Timeline

Published: Jun 5, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-3469?

How severe is CVE-2014-3469?

Severity scoring for CVE-2014-3469 is pending analysis. The EPSS model estimates a 3.82% probability of exploitation in the next 30 days.

How do I fix CVE-2014-3469?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3469?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST