CVE-2006-0645

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
http://rhn.redhat.com/errata/RHSA-2006-0207.html
http://secunia.com/advisories/18794
http://secunia.com/advisories/18815
http://secunia.com/advisories/18830
http://secunia.com/advisories/18832
http://secunia.com/advisories/18898
http://secunia.com/advisories/18918
http://secunia.com/advisories/19080
http://secunia.com/advisories/19092
http://securityreason.com/securityalert/446
http://securitytracker.com/id?1015612
http://www.debian.org/security/2006/dsa-985
http://www.debian.org/security/2006/dsa-986
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
http://www.gleg.net/protover_ssl.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
http://www.osvdb.org/23054
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
http://www.securityfocus.com/archive/1/424538/100/0/threaded
http://www.securityfocus.com/bid/16568
http://www.trustix.org/errata/2006/0008
http://www.vupen.com/english/advisories/2006/0496
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
https://usn.ubuntu.com/251-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.0:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.1:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.1.2:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.0:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.1:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.2:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.3:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.4:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.5:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.6:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.7:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.8:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.9:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.10:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.11:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.12:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.13:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.14:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.15:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.16:::::::*
	cpe:2.3:a:free_software_foundation_inc.:libtasn1:0.2.17:::::::*

History

No history.

Information

Published : 2006-02-10 18:06

Updated : 2024-02-28 10:42

NVD link : CVE-2006-0645

Mitre link : CVE-2006-0645

CVE.ORG link : CVE-2006-0645

JSON object : View

Products Affected

free_software_foundation_inc.

libtasn1

CWE

NVD-CWE-Other

7.5 /10