CVE-2006-0645

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.gleg.net/protover_ssl.shtml
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
http://rhn.redhat.com/errata/RHSA-2006-0207.html
http://www.osvdb.org/23054
http://securitytracker.com/id?1015612
http://secunia.com/advisories/18794
http://secunia.com/advisories/18815
http://secunia.com/advisories/18830
http://secunia.com/advisories/18832
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
http://www.securityfocus.com/bid/16568
http://secunia.com/advisories/18918
http://secunia.com/advisories/18898
http://www.trustix.org/errata/2006/0008
http://www.debian.org/security/2006/dsa-986
http://www.debian.org/security/2006/dsa-985
http://secunia.com/advisories/19080
http://secunia.com/advisories/19092
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
http://securityreason.com/securityalert/446
http://www.vupen.com/english/advisories/2006/0496
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
https://usn.ubuntu.com/251-1/
http://www.securityfocus.com/archive/1/424538/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.0:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.1:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.17:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.2:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.9:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.1:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.2:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.14:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.15:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.16:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.7:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.3:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.13:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.0:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.10:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.6:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.11:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.8:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.4:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.5:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.12:::::::*

Information

Published : 2006-02-10 10:06

Updated : 2018-10-19 08:45

NVD link : CVE-2006-0645

Mitre link : CVE-2006-0645

JSON object : View

CWE

NVD-CWE-Other

Products Affected

free_software_foundation_inc.

libtasn1

7.5 /10