CVE - CVE-2006-0645

CVE-ID
CVE-2006-0645	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1015612 URL:http://securitytracker.com/id?1015612 MISC:16568 URL:http://www.securityfocus.com/bid/16568 MISC:18794 URL:http://secunia.com/advisories/18794 MISC:18815 URL:http://secunia.com/advisories/18815 MISC:18830 URL:http://secunia.com/advisories/18830 MISC:18832 URL:http://secunia.com/advisories/18832 MISC:18898 URL:http://secunia.com/advisories/18898 MISC:18918 URL:http://secunia.com/advisories/18918 MISC:19080 URL:http://secunia.com/advisories/19080 MISC:19092 URL:http://secunia.com/advisories/19092 MISC:2006-0008 URL:~~http://www.trustix.org/errata/2006/0008~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20060209 ProtoVer SSL: GnuTLS URL:http://www.securityfocus.com/archive/1/424538/100/0/threaded MISC:23054 URL:~~http://www.osvdb.org/23054~~ (Obsolete source) MISC:446 URL:http://securityreason.com/securityalert/446 MISC:ADV-2006-0496 URL:~~http://www.vupen.com/english/advisories/2006/0496~~ (Obsolete source) MISC:DSA-985 URL:http://www.debian.org/security/2006/dsa-985 MISC:DSA-986 URL:http://www.debian.org/security/2006/dsa-986 MISC:FEDORA-2006-107 URL:http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html MISC:GLSA-200602-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml MISC:MDKSA-2006:039 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:039~~ (Obsolete source) MISC:RHSA-2006:0207 URL:http://rhn.redhat.com/errata/RHSA-2006-0207.html MISC:USN-251-1 URL:https://usn.ubuntu.com/251-1/ MISC:[gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release URL:http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html MISC:[gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release URL:http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html MISC:[gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release URL:http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html MISC:gnutls-libtasn1-der-dos(24606) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 MISC:http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup URL:http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup MISC:http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup URL:http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup MISC:http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch URL:http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch MISC:http://www.gleg.net/protover_ssl.shtml URL:http://www.gleg.net/protover_ssl.shtml MISC:oval:org.mitre.oval:def:10540 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
Assigning CNA
Red Hat, Inc.
Date Record Created
20060210	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060210)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)