Vulnerability Name: CVE-2006-0645 (CCN-24606)
Assigned: 2006-02-09
Published: 2006-02-09
Updated: 2018-10-19
Summary: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2006-0645
Source: MISC Type: UNKNOWN http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
Source: CONFIRM Type: UNKNOWN http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
Source: MISC Type: UNKNOWN http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
Source: CCN Type: Tiny ASN.1 library Web page Tiny ASN.1 library - Libtasn1
Source: CCN Type: gnutls-dev Mailing List, Thu Feb 9 16:38:35 CET 2006 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release
Source: MLIST Type: UNKNOWN [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release
Source: MLIST Type: UNKNOWN [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release
Source: MLIST Type: UNKNOWN [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release
Source: CCN Type: RHSA-2006-0207 gnutls security update
Source: REDHAT Type: UNKNOWN RHSA-2006:0207
Source: CCN Type: SA18794 GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities
Source: SECUNIA Type: UNKNOWN 18794
Source: SECUNIA Type: UNKNOWN 18815
Source: SECUNIA Type: UNKNOWN 18830
Source: SECUNIA Type: UNKNOWN 18832
Source: SECUNIA Type: UNKNOWN 18898
Source: SECUNIA Type: UNKNOWN 18918
Source: SECUNIA Type: UNKNOWN 19080
Source: SECUNIA Type: UNKNOWN 19092
Source: SREASON Type: UNKNOWN 446
Source: CCN Type: SECTRACK ID: 1015612 GnuTLS libtasn1 DER Decoding Bugs Let Remote Users Deny Service
Source: SECTRACK Type: UNKNOWN 1015612
Source: DEBIAN Type: UNKNOWN DSA-985
Source: DEBIAN Type: UNKNOWN DSA-986
Source: DEBIAN Type: DSA-985 libtasn1-2 -- buffer overflows
Source: DEBIAN Type: DSA-986 gnutls11 -- buffer overflows
Source: GENTOO Type: UNKNOWN GLSA-200602-08
Source: MISC Type: UNKNOWN http://www.gleg.net/protover_ssl.shtml
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:039
Source: OSVDB Type: UNKNOWN 23054
Source: CCN Type: OSVDB ID: 23054 GnuTLS libtasn1 DER Decoding Overflow DoS
Source: CCN Type: Fedora Update Notification FEDORA-2006-107 Fedora Core 4 Update: gnutls-1.0.25-2.FC4
Source: FEDORA Type: UNKNOWN FEDORA-2006-107
Source: BUGTRAQ Type: UNKNOWN 20060209 ProtoVer SSL: GnuTLS
Source: BID Type: UNKNOWN 16568
Source: CCN Type: BID-16568 GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
Source: TRUSTIX Type: UNKNOWN 2006-0008
Source: CCN Type: USN-251-1 libtasn vulnerability
Source: VUPEN Type: UNKNOWN ADV-2006-0496
Source: XF Type: UNKNOWN gnutls-libtasn1-der-dos(24606)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10540
Source: UBUNTU Type: UNKNOWN USN-251-1
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: