CVE-2006-0645

Description

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

References

https://usn.ubuntu.com/251-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540

https://exchange.xforce.ibmcloud.com/vulnerabilities/24606

http://www.vupen.com/english/advisories/2006/0496

http://www.trustix.org/errata/2006/0008

http://www.securityfocus.com/bid/16568

http://www.securityfocus.com/archive/1/424538/100/0/threaded

http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html

http://www.osvdb.org/23054

http://www.mandriva.com/security/advisories?name=MDKSA-2006:039

http://www.gleg.net/protover_ssl.shtml

http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml

http://www.debian.org/security/2006/dsa-986

http://www.debian.org/security/2006/dsa-985

http://securitytracker.com/id?1015612

http://securityreason.com/securityalert/446

http://secunia.com/advisories/19092

http://secunia.com/advisories/19080

http://secunia.com/advisories/18918

http://secunia.com/advisories/18898

http://secunia.com/advisories/18832

http://secunia.com/advisories/18830

http://secunia.com/advisories/18815

http://secunia.com/advisories/18794

http://rhn.redhat.com/errata/RHSA-2006-0207.html

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch

http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup

http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3