CVE-2006-7239
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
24/05/2010
Last modified:
11/04/2025
Description
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* | 1.4.1 (including) | |
| cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html
- http://www.gnu.org/software/gnutls/security.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html
- http://www.gnu.org/software/gnutls/security.html