Description
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References (25)
Scores
EPSS: 0.1074
EPSS Percentile: 93.4%
Details
CWE: CWE-131
Status: published
Products (33)
debian/debian_linux: 7.0
f5/arx_firmware: 6.0.0 - 6.4.0
gnu/gnutls: < 3.5.7
gnu/libtasn1: < 3.6
redhat/enterprise_linux_desktop: 5.0
redhat/enterprise_linux_desktop: 6.0
redhat/enterprise_linux_desktop: 7.0
redhat/enterprise_linux_eus: 6.5
redhat/enterprise_linux_eus: 7.3
redhat/enterprise_linux_eus: 7.4
... and 23 more
Published: Jun 05, 2014
Tracked Since: Feb 18, 2026