CVE-2006-0645
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/02/2006
Last modified:
03/04/2025
Description
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.11:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
- http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
- http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
- http://rhn.redhat.com/errata/RHSA-2006-0207.html
- http://secunia.com/advisories/18794
- http://secunia.com/advisories/18815
- http://secunia.com/advisories/18830
- http://secunia.com/advisories/18832
- http://secunia.com/advisories/18898
- http://secunia.com/advisories/18918
- http://secunia.com/advisories/19080
- http://secunia.com/advisories/19092
- http://securityreason.com/securityalert/446
- http://securitytracker.com/id?1015612=
- http://www.debian.org/security/2006/dsa-985
- http://www.debian.org/security/2006/dsa-986
- http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
- http://www.gleg.net/protover_ssl.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A039
- http://www.osvdb.org/23054
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
- http://www.securityfocus.com/archive/1/424538/100/0/threaded
- http://www.securityfocus.com/bid/16568
- http://www.trustix.org/errata/2006/0008
- http://www.vupen.com/english/advisories/2006/0496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
- https://usn.ubuntu.com/251-1/
- http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
- http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
- http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
- http://rhn.redhat.com/errata/RHSA-2006-0207.html
- http://secunia.com/advisories/18794
- http://secunia.com/advisories/18815
- http://secunia.com/advisories/18830
- http://secunia.com/advisories/18832
- http://secunia.com/advisories/18898
- http://secunia.com/advisories/18918
- http://secunia.com/advisories/19080
- http://secunia.com/advisories/19092
- http://securityreason.com/securityalert/446
- http://securitytracker.com/id?1015612=
- http://www.debian.org/security/2006/dsa-985
- http://www.debian.org/security/2006/dsa-986
- http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
- http://www.gleg.net/protover_ssl.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A039
- http://www.osvdb.org/23054
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
- http://www.securityfocus.com/archive/1/424538/100/0/threaded
- http://www.securityfocus.com/bid/16568
- http://www.trustix.org/errata/2006/0008
- http://www.vupen.com/english/advisories/2006/0496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
- https://usn.ubuntu.com/251-1/