Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Security Impact Summary

CVE-2014-3467 is a security vulnerability that . Impacting 16 products from gnu, from gnu, from redhat and 13 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2014, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2014-06-05T20:55:06.033

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	gnutls	< 3.5.7	Yes
Application	gnu	libtasn1	< 3.6	Yes
Application	redhat	virtualization	6.0	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	redhat	enterprise_linux_desktop	5.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_eus	6.5	Yes
Operating System	redhat	enterprise_linux_eus	7.3	Yes
Operating System	redhat	enterprise_linux_eus	7.4	Yes
Operating System	redhat	enterprise_linux_eus	7.5	Yes
Operating System	redhat	enterprise_linux_eus	7.6	Yes
Operating System	redhat	enterprise_linux_eus	7.7	Yes
Operating System	redhat	enterprise_linux_server	5.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	6.5	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_tus	6.5	Yes
Operating System	redhat	enterprise_linux_server_tus	7.3	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_workstation	5.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	suse	linux_enterprise_desktop	11	Yes
Operating System	suse	linux_enterprise_high_availability_extension	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_software_development_kit	11	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	f5	arx_firmware	≤ 6.4.0	Yes
Hardware	f5	arx	-	No

References

http://advisories.mageia.org/MGASA-2014-0247.html Third Party Advisory ([email protected])
http://linux.oracle.com/errata/ELSA-2014-0594.html Third Party Advisory ([email protected])
http://linux.oracle.com/errata/ELSA-2014-0596.html Third Party Advisory ([email protected])
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0594.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0596.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0687.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0815.html Third Party Advisory ([email protected])
http://secunia.com/advisories/58591 Third Party Advisory ([email protected])
http://secunia.com/advisories/58614 Third Party Advisory ([email protected])
http://secunia.com/advisories/59021 Third Party Advisory ([email protected])
http://secunia.com/advisories/59057 Third Party Advisory ([email protected])
http://secunia.com/advisories/59408 Third Party Advisory ([email protected])
http://secunia.com/advisories/60320 Third Party Advisory ([email protected])
http://secunia.com/advisories/60415 Third Party Advisory ([email protected])
http://secunia.com/advisories/61888 Third Party Advisory ([email protected])
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html Third Party Advisory ([email protected])
http://www.debian.org/security/2014/dsa-3056 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 Third Party Advisory ([email protected])
http://www.novell.com/support/kb/doc.php?id=7015302 Third Party Advisory ([email protected])
http://www.novell.com/support/kb/doc.php?id=7015303 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1102022 Issue Tracking, Patch, Third Party Advisory ([email protected])
http://advisories.mageia.org/MGASA-2014-0247.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-0594.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-0596.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0594.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0596.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0687.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0815.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58591 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58614 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59021 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59057 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60320 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60415 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/61888 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3056 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/support/kb/doc.php?id=7015302 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/support/kb/doc.php?id=7015303 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1102022 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For gnu's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.